CTM Senior Manager – Application Security

As part of our Cyber Security team, you will help secure cloud/on-prem applications and platform while ensuring seamless development, build and deployment capabilities. You will be responsible for designing secure software based by identifying security use cases during the design and development stage. You will work closely with DevOps, architects, developers and QA teams to build highly reliable and secure products. You shall also coach development teams on building a security culture and provide recommendations on vulnerabilities and development best practices.

The opportunity

We’re looking for Senior Manager to lead high impact application security engagements for enterprise clients. You will drive delivery, mentor teams, expand client relationships and share practice offerings in Secure SDLC, DevSecOps, Cloud security and Threat Modeling. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of new service offerings. This is a client-facing leadership role requiring both hands-on technical depth and executive level communication.

Your key responsibilities

• Client Delivery & Leadership
  • Lead end-to-end application security assessments (SAST/DAST/SCA, penetration testing, secure code review, threat modeling).
  • Design and implement Secure SDLC frameworks for Agile/DevOps environments.
  • Advise CISOs and CTOs on application security strategy, roadmaps, and ROI.
  • Manage large multi-workstream engagements
• Practice Development
  • Develop proprietary methodologies, accelerators, and IP in AppSec (e.g., AI-driven secure coding, zero-trust app architecture).
  • Contribute to thought leadership — whitepapers, webinars, conference talks (Black Hat, RSA, OWASP).
  • Support proposal development and deal closure for strategic pursuits.
• People & Team Leadership
  • Mentor and performance-manage a team of 20-25 consultants (Managers, Seniors, Analysts).
  • Build high-performing, diverse teams with a focus on technical excellence and client empathy.
  • Drive utilization, training, and career development.

Skills and attributes for success

• Experience building AppSec programs from the ground up.
• Published research or open-source contributions in application security.
• Familiarity with regulatory frameworks (PCI DSS, HIPAA, GDPR, NIST SSDF).
• Executive presence — ability to influence CxOs and simplify complex technical risks.

To qualify for the role, you must have

• BE/ B.Tech/ MCA.
• Minimum of 12 years of full-time work experience as part of security testing, Designing and running security programs and as a security architect
• Strong communications and interpersonal skills
• Prior Big 4 experience as a Manager or SM

Ideally, you may also have

• CISSP, CSSLP or any other relevant security certification
• Experience with security assessments and knowledge of security tools used across the SDLC
• Experience working in an Agile environment

What working at EY offers

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you