Head of Application Security Team

The Head of Application Security Team will be responsible for building and owning the end-to-end Product Security lifecycle across all company products. This role involves defining, implementing, and enforcing Secure SDLC, leading Product Security teams, driving security architecture reviews, and managing the product vulnerability lifecycle. The position also requires overseeing pentesting strategy, ensuring secure cloud-native service usage, partnering with leadership, and leading product-related security incidents.

• Build and own the end-to-end Product Security lifecycle across all company products
• Define, implement, and enforce Secure SDLC, embedding security from design through production
• Lead and manage Product Security teams including Pentesting, Application Security, Application Security Architecture, DevSecOps, and Cloud Security Operations
• Drive security architecture reviews and threat modeling for new and existing products
• Own product vulnerability management, including discovery, triage, prioritization, remediation tracking, and verification
• Define and oversee pentesting and offensive security strategy, scope, cadence, and remediation follow-up
• Ensure secure usage of cloud-native services, APIs, and third-party dependencies within products
• Partner with Engineering, Product, and Infrastructure leadership to align security with business objectives
• Lead product-related security incidents, including root cause analysis and long-term corrective actions
• Define and report Product Security KPIs and metrics to executive stakeholders

• 8+ years of experience in Product Security, Application Security, or DevSecOps
• Proven experience building or scaling a Product Security function in a product-based organization
• Strong expertise in Secure SDLC and security integration into modern development workflows
• Hands-on experience with application security testing, threat modeling, and secure architecture reviews
• Strong understanding of cloud-native architectures and product-related cloud security risks
• Experience managing multi-disciplinary security teams across AppSec, Pentest, DevSecOps, and Cloud Security
• Experience owning vulnerability lifecycle management with risk-based prioritization
• Ability to translate technical security risks into business impact and decisions
• Strong written and verbal communication skills in English
• Experience in iGaming, FinTech, SaaS, or other regulated industries (will be a plus)
• Hands-on experience with Kubernetes and containerized environments (will be a plus)
• Exposure to red teaming or adversary simulation (will be a plus)
• Familiarity with security-related compliance frameworks (e.g. ISO 27001, PCI DSS, SOC 2) (will be a plus)
• Strong ownership and accountability mindset
• Product-first, pragmatic approach to security
• Clear communicator across technical and non-technical audiences

• Paid vacations, sick leave, personal events days, days off
• Corporate health insurance program for your well-being
• Referral program — enjoy cooperation with your colleagues and get the bonus
• Educational programs: regular internal training sessions, compensation for external education, attendance of specialized global conferences
• Rewards program for mentoring and coaching colleagues
• Free internal English courses
• Yoga classes to help you stay active and energized
• In-house Travel Service
• Multiple internal activities: online platform for employees with quests, gamification, presents and news, RedCore clubs for movie / book / pets lovers, special office days dedicated to holidays
• Company events, team buildings

PIN-UP Global is an international holding specializing in the development and implementation of advanced technologies, B2B solutions, and innovative products for the iGaming industry.

Read more about Pin-Up Global →