Application Security Manager at Qoria

Qoria

Application Security Manager

Australia

On-site

Full Time

#Product

#Application Security

#Penetration Testing

#Vulnerability Management

#SDLC

#SAST

#SCA

#WAF

#CI CD

#Threat Modeling

#Security

Qoria is looking for an Application Security Manager


Want to deliver tech with purpose, with people who care?

Join us in our mission to create solutions that help keep children safe online.


Who are we?

At Qoria, we're on a mission to make the digital world safer for children. Headquartered in Perth and listed on the ASX, our technology protects over 22 million kids across 180 countries. Through our Linewize, Smoothwall, and Qoria brands, we help schools and families identify online risks, block harmful content, and create safer digital learning environments.


What’s the opportunity?

The Application Security Manager is responsible for safeguarding the security of Qoria’s software applications. This role leads the application security engineering team and manages key programs including secure code scanning tools, penetration testing, bug bounty operations, WAF oversight, and vulnerability management compliance. The Application Security Manager ensures that our products are resilient to threats, compliant with security standards, and continuously improving in response to an evolving risk landscape.

Duties: What are my day-to-day duties?

The Application Security Manager is responsible for overseeing a broad range of activities to strengthen Qoria’s application security posture. This includes leadership across people, programs, and platforms, continuous improvement of tooling and process, and technical leadership. 

Vulnerability Management

You will be responsible for overseeing Qoria’s Vulnerability Management Program, ensuring that all identified vulnerabilities are handled in accordance with our internal policy. This program is a cross-functional initiative sponsored by the CTO, CPO, and CISO, and involves active participation from all areas of Engineering.

Penetration Testing & Security Assessments

This role oversees all penetration testing activities, including scheduling, scoping, and vendor management for third-party assessments. You’ll collaborate with engineering and product teams to drive timely remediation of findings, and you’ll play a key role in performing early-stage threat modelling and security reviews for new product features before they are released.

Code Security & Repository Governance

You will manage secure development tooling (including SAST, SCA, and related GitHub workflows) and ensure their integration into the SDLC. You’ll drive code repository hygiene, while managing and reducing technical debt tied to security issues.

Bug Bounty & Vulnerability Disclosure Programs

You will oversee Qoria’s Bug Bounty and Vulnerability Disclosure Program (VDP), working closely with our triage partners to ensure that submissions from security researchers are assessed efficiently and accurately. While triage is handled externally, you will be responsible for managing internal coordination, validating findings where needed, driving timely remediation with engineering teams, facilitating rewards, and continuously improving the program based on submission trends, feedback, and emerging threat intelligence.

Web Application Firewall (WAF) Oversight

You’ll manage WAF configurations and tuning to mitigate real-time application threats, working closely with engineering teams to ensure that all externally-facing applications are adequately protected. Your insight will be critical in aligning WAF rules with current attack patterns and Qoria’s broader threat model.

Security Communication & Developer Enablement

A core part of your success will lie in how well you foster a culture of security. You will lead Qoria’s Engineering Security Communication Program, delivering updates, training, and awareness campaigns that help developers build securely from the ground up. You’ll also oversee the approval and tracking of security tasks and support engineering teams with hands-on guidance and governance.

Team Leadership & Strategic Growth

As a team leader, you will manage, mentor, and expand the Application Security Engineering team. You will define clear goals, foster professional development, and build a collaborative, high-performing security culture. In partnership with the Director of Product Security, CISO and other senior leaders, you will also contribute directly to the evolution of Qoria’s global security strategy, ensuring application security scales effectively with the organisation’s growth.

Performance: How is my performance measured?

  • Deliver on Program Ownership: Timely and effective execution of penetration testing cycles, bug bounty management, engineering communications, WAF coverage, and vulnerability remediation workflows.

  • Meet Security SLAs: Ensure vulnerabilities - whether from scans, pen tests, or bug bounty disclosures - are triaged and remediated within defined SLAs.

  • Drive Secure Development Practices: Measurable improvements in the security maturity of engineering practices (e.g. shift-left adoption, SAST/SCA coverage, developer training completion).

  • Produce Actionable Reporting: Regular and high-quality reporting of application security posture, including clear KPIs, trends, and evidence for audit and board-level visibility.

  • Lead and Empower the Team: Foster a high-performing AppSec engineering team with clear goals, mentorship, and measurable team engagement.

  • Stakeholder Collaboration: Demonstrated trust and responsiveness in working with product, engineering, DevOps, compliance, and third-party vendors.

  • Incident and Threat Readiness: Proactive participation in incident handling and real-time intelligence response to emergent threats.

Requirements: What skills & experience are required?

  • 5+ years of experience in Application Security, including secure SDLC integration, with 2+ years in a technical leadership or management role.

  • Deep expertise in secure development practices, penetration testing methodologies, and OWASP Top 10/CWE.

  • Background & experience in software development.

  • Hands-on experience with SAST, SCA, and WAF tools, CI/CD pipeline integration, and code repository security governance.

  • Proficiency with vulnerability management platforms.

  • Strong communication skills and experience managing cross-functional stakeholders, external vendors, and security researchers.

  • Bachelor’s degree in Computer Science, Information Security, or related field.

  • Certifications such as OSWE, CISSP, GWAPT, CSSLP, or GIAC AppSec tracks.

  • Experience with regulatory frameworks (e.g. SOC2, ISO 27001).

  • Familiarity with threat modeling methodologies (STRIDE, PASTA, etc.).

To be successful in this role, you must:

  • Be strategic yet hands-on, capable of setting security direction while diving into technical problem solving when needed.

  • Possess strong communication skills, especially in translating technical risk into business impact and driving action across teams.

  • Be a bridge between security and engineering - respected by developers, trusted by leadership, and responsive to operational realities.

  • Show bias for action: take ownership of issues and drive them to resolution, especially in fast-paced or ambiguous environments.

  • Demonstrate technical fluency with modern DevSecOps tooling, secure code review, GitOps, and vulnerability prioritization.

  • Have a continuous improvement mindset, always looking to refine processes, reduce false positives, and automate where possible.

  • Embody calm leadership under pressure, particularly in incident response or when communicating about newly discovered vulnerabilities.


Why choose us?

  • Deliver tech with purpose...

As a member of our Engineering team, your work truly matters. Your skills, knowledge and ideas will all help children stay safe online. It feels good to do good.

  • With people who care...

Our Engineers are amazing! They’re also amazingly supportive. We all take ownership of our work, end to end. And at the same time, we really care about growing and winning together.

  • Through work that you love...

You’ll get to work on solving problems for a global engineering team that has a user base in the tens of millions. And you'll be exposed to modern technologies and processes, in a fast-paced and supportive learning environment.

  • And a career that you own...

This role offers so many opportunities to expand your skills and grow your career. You’ll get to attend local software conferences, paid for by us. And as you step up and take ownership to make things happen, you’ll carve out an incredible career.


Shortlisting will commence immediately.
