Manager, Product and Application Security
Toronto, Ontario, Canada
Benevity
Benevity's corporate purpose software offers the only integrated suite of community investment, employee, customer and nonprofit engagement solutions.
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
As the Manager of Product and Application Security at Benevity, you will play a critical role in integrating security into the software development lifecycle, ensuring our products and applications are secure, resilient, and trusted by our users. You will oversee the implementation of security practices across software development, drive risk-based remediation, and lead efforts to align security tools, technologies, and processes with modern development methodologies.
You will be responsible for evaluating and implementing security solutions such as Static Code Analysis (SAST), Software Composition Analysis (SCA), API and Microservices Security, and other key security technologies. Additionally, you will oversee penetration testing, vulnerability assessments, and responsible disclosure programs, working closely with engineering teams, clients, and external researchers to protect our platform and users.
What you’ll do:
Security in Development & Application Security Practices
- Partner with development and DevOps teams to embed security into CI/CD pipelines, ensuring security is a seamless part of software delivery
- Lead the selection, implementation, and ongoing management of Static Code Analysis (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) solutions. Develop and maintain metrics to demonstrate the effectiveness of these tools
- Design and enforce security best practices for API and Microservices Security, including authentication, authorization, and secure data transmission. Provide expert guidance and consultation on API security best practices
- Mentor and coach engineering teams on secure coding practices, secure software design principles, and threat modeling methodologies. Develop and deliver training programs on advanced security topics
Risk Assessment & Vulnerability Management
- Conduct comprehensive risk assessments on applications, identifying vulnerabilities and their potential business impact
- Oversee penetration testing efforts, analyzing findings and working closely with engineering teams to remediate vulnerabilities
- Develop and maintain a risk-based prioritization framework, balancing security vulnerabilities with business impact, engineering priorities, and regulatory requirements. Communicate risk assessments and mitigation plans to senior leadership
- Continuously monitor and improve Benevity’s security posture by analyzing application security metrics, threat intelligence, and industry trends. Proactively identify and address emerging threats
Responsible Disclosure & External Engagement
- Manage and enhance Benevity’s Responsible Disclosure Program, ensuring security researchers and external parties have a clear and efficient process for reporting vulnerabilities. Develop and maintain communication protocols for handling responsible disclosures
- Engage with clients, external researchers, and vendors on publicly disclosed vulnerabilities, ensuring transparent and effective remediation
- Lead security incident response efforts related to product vulnerabilities and coordinate public disclosures as needed
Security Awareness & Enablement
- Deliver security training for developers and engineers, focusing on secure coding, threat modeling, and emerging risks
- Foster a culture of security awareness and ownership within the product and engineering organization, promoting security as an enabler rather than a blocker. Champion security initiatives and drive adoption of secure development practices
- Provide guidance on security standards such as OWASP Top 10, NIST, and ISO 27001 to align product security with industry best practices
Compliance & Continuous Security Improvements
- Continuously evaluate emerging security tools and technologies, integrating the best solutions to enhance application security
- Align security strategies with compliance and regulatory frameworks relevant to Benevity’s operations
- Work closely with DevOps and platform teams to implement security automation and infrastructure-as-code security solutions
What you’ll bring:
- Bachelor’s degree in Computer Science, Information Security, or relevant experience in a related field
- 8+ years of progressive experience in application security, with a strong focus on secure development, vulnerability management, and DevSecOps. Demonstrable experience leading and mentoring security teams
- Hands-on expertise with Static Code Analysis (SAST), Software Composition Analysis (SCA), API security, and Microservices security best practices
- Experience with penetration testing methodologies, vulnerability scanning tools, and risk assessment frameworks
- Deep understanding of security risks, their criticality, and how to prioritize remediation in an agile development environment
- Familiarity with security frameworks such as OWASP SAMM, BSIMM, or NIST CSF
- Experience implementing security in modern development practices, including CI/CD pipelines, container security, and cloud security
- Experience with responsible disclosure programs and working with external security researchers and clients
- Strong problem-solving and analytical skills, with the ability to communicate security concepts effectively to both technical and non-technical audiences
- Relevant security certifications (e.g., CISSP, CISM, OSCP, CSSLP, GWAPT) are a plus
Discover your purpose at work
We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …
It’s time to join Benevity. We’re so excited to meet you.
Where we work
At Benevity, we have developed a Community First approach that we design our people's experience around with goals to build a strong community and culture, achieve stellar execution of our business goals and social mandate, and ensure Benevity-ites thrive. For those who live within a reasonable commuting distance to an office, we can split our time working in the office and from home to optimize the opportunities of both, with the requirement that we spend at least 50% of the time in the office.
Join a company where DEIB isn’t a buzzword
Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to accommodations@benevity.com.