VP, Application Security

Axos Bank

Target Range:

$115,000.00 /Yr. - $200,000.00 /Yr.

Actual starting pay will vary based on factors including, but not limited to, geographic location, experience, skills, specialty, and education.

Eligible for an Annual Discretionary Cash Bonus Target:

Eligible for an Annual Discretionary Restricted Stock Units Bonus Target:

These discretionary target bonuses may be awarded semi-annually based upon your achievement of performance goals and targets.

About This Job

Axos Bank is a digital-first financial institution redefining banking through technology, speed, and customer focus. Security is foundational to how we innovate, and we're looking for leaders who can protect the code, the APIs, and the trust we've built with our customers. Join us in shaping the future of secure digital finance.

We are seeking an experienced and strategic Vice President of Application Security to lead and mature the bank’s secure development program — with a strong focus on API security. This role will ensure our modern, cloud-native apps and service-based architectures remain resilient to today’s evolving threats.

You will work cross-functionally with Engineering, DevOps, Risk, and Compliance to embed robust security practices across the entire SDLC, including all internal and external APIs that power our mobile, web, and partner integrations.

This position is on-site at any of our office locations (San Diego CA, Irvine CA, Los Angeles CA, Las Vegas NV, Centennial CO, Omaha NE, Overland Park KS, Edison NJ) or 100% Remote, depending upon your location.

Key Responsibilities:

Program Leadership & Strategy

• Define and lead Axos Bank’s enterprise-wide application security strategy, with API security as a core pillar.
• Drive adoption of secure-by-design principles across agile teams and product lifecycles.

API Security Oversight

• Develop and enforce standards for secure API design, authentication, authorization, rate-limiting, and input validation.
• Partner with Engineering and Architecture to protect internal and external-facing APIs using gateway security patterns (e.g., OAuth 2.0, mTLS, API Gateway policies).
• Integrate automated API scanning tools into the CI/CD pipeline and oversee API penetration testing.

DevSecOps Enablement

• Embed application security checks (SAST, DAST, IAST, SCA) and API-specific testing into build pipelines.
• Automate detection of vulnerable third-party packages and misconfigurations in API endpoints and microservices.

Threat Modeling & Secure SDLC

• Lead secure design reviews and threat modeling exercises for all major application and API launches.
• Build reusable threat model templates for common API patterns (REST, GraphQL, etc.).

Governance, Risk & Compliance

• Ensure application and API security practices comply with GLBA, FFIEC, FDIC, PCI DSS, and other financial regulatory frameworks.
• Work with GRC and Compliance to ensure visibility into risks associated with third-party APIs and integrations.

Team Leadership

• Hire, mentor, and manage a team of application and API security engineers.
• Create a culture of security awareness among developers, architects, and product owners.

Cross-Functional Engagement

• Act as a trusted advisor to Dev and Product teams on secure architecture patterns, API token management, and zero-trust integration strategies.
• Translate technical risks into business impact for executive reporting and risk committees.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field; Master’s preferred.
• Experience:
  • 5+ years in information security, including 2+ years in application security roles.
  • Extensive experience designing and securing APIs in high-scale, cloud-native environments.
  • Financial services experience is strongly preferred.
• Technical Expertise:
  • Deep knowledge of OWASP Top 10 (including API Security Top 10), secure coding, and threat modeling.
  • Proficiency in securing RESTful and GraphQL APIs; experience with tools like Postman, Burp Suite, 42Crunch, or API Sentinel.
  • Familiar with JWT, OAuth2, OIDC, rate limiting, API Gateway policies (e.g., Kong, Apigee, AWS API Gateway).
• Certifications (Preferred):
  • CSSLP, OSWE, CISSP, or API-specific credentials like API Security Architect (APIsec University).

Axos Employee Benefits May Include:

• Medical, Dental, Vision, and Life Insurance

• Paid Sick Leave, 3 weeks’ Vacation, and Holidays (about 11 a year)

• HSA or FSA account and other voluntary benefits

• 401(k) Retirement Saving Plan with Employer Match Program and 529 Savings Plan

• Employee Mortgage Loan Program and free access to an Axos Bank Account with Self-Directed Trading

About Axos

Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.

Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).

Learn more about working at Axos

Pre-Employment Background Check and Drug Test:

All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment drug screening, which includes screening for marijuana. Axos Bank is a federally regulated banking institution. At the federal level, marijuana is an illegal schedule 1 drug; therefore, we will not employ any person who tests positive for marijuana, regardless of state legalization.

Equal Employment Opportunity:

Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.

Job Functions and Work Environment:

While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.

The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.