Job Information
Pearson Team Manager, Application Security in Bangalore, India
Overview
We are seeking an experienced Team Lead of Application Security Engineering to establish, lead, and mature our Application Security (AppSec) Program. This senior leadership role will build a comprehensive program encompassing developer awareness, secure coding practices, training initiatives, and security enablement across the software development lifecycle. As the senior security leader for our [location] office, this position serves dual responsibilities: driving application security excellence enterprise-wide while providing local leadership, mentorship, and support to all security team members in the office.
Key Responsibilities
Application Security Program Development & Leadership
Design and implement a comprehensive Application Security Program from strategy through execution, including policies, standards, processes, metrics, and tools
Establish and mature security practices across all phases of the SDLC, including threat modeling, secure design reviews, code analysis (SAST/DAST/SCA), penetration testing, and security acceptance criteria
Drive security awareness initiatives that elevate secure development practices across engineering teams, fostering a security-first culture
Develop and deliver training programs for developers, architects, and product teams on secure coding, threat modeling, and emerging security risks
Create enablement frameworks that reduce security friction while improving adherence to security standards and best practices
Build security champions programs to embed security advocates within development teams
Define and track program metrics and KPIs to measure security posture improvements, vulnerability reduction, and program maturity
Technical Leadership & Innovation
Architect and implement AppSec tooling strategies, integrating security into CI/CD pipelines and developer workflows
Evaluate and adopt emerging security technologies and methodologies, including AI-powered security tools and secure AI development practices
Partner with engineering leadership to balance security requirements with development velocity and business objectives
Stay current with application security trends, vulnerabilities, and attack vectors, adapting the program as these threats and risks change
Lead, mentor, and develop a team of 5-10 Application Security Engineers and Architects
Build team capabilities through hiring, skills development, career planning, and performance management
Foster a collaborative culture that emphasizes continuous learning, innovation, and operational excellence
Allocate resources effectively across program initiatives, security assessments, and incident response activities, ensuring the team meets Service Level Agreements (SLAs) and Service Level Objectives (SLOs)
Office Leadership & Cross-Functional Collaboration
Serve as the senior security leader for the [location] office, providing guidance, support, and mentorship to all security personnel in the office regardless of functional reporting structure
Act as the primary point of contact for office-based employees seeking security leadership, career guidance, or organizational support
Build and maintain strong relationships with engineering, product, DevOps, and business stakeholders
Communicate program strategy, progress, and risk to executive leadership and the CISO
Collaborate with peer security leaders to ensure consistency and knowledge sharing across the enterprise security program
10+ years of application security experience with progression into leadership roles
5+ years leading application security programs, including program design, implementation, and maturation
3+ years managing and developing security teams, with demonstrated success in team building and talent development
Proven track record establishing security awareness, training, and enablement programs that drive measurable improvements in security posture
Deep expertise across the full SDLC, including secure design, code review, security testing, and deployment practices
Hands-on experience with AppSec tools and technologies (SAST, DAST, SCA, WAF, API security, secrets management, etc.)
Technical Skills
Strong understanding of modern application architectures (cloud-native, microservices, APIs, containerization)
Proficiency with common programming languages and frameworks
Knowledge of security frameworks and standards (OWASP, NIST, BSIMM, ISO 27001)
Experience integrating security into CI/CD and DevSecOps environments
Leadership & Communication
Executive presence with ability to communicate complex security concepts to technical and non-technical audiences
Strategic thinking balanced with tactical execution capabilities
Influence without authority skills to drive security culture change across development organizations
Strong interpersonal skills for coaching, mentoring, and building trust with diverse stakeholders
Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
Desired security certifications (CISSP, CSSLP, CEH, OSCP, or similar)
Experience with AI/ML security, including secure development practices for AI systems, model security, prompt injection prevention, and AI-powered security tools
Knowledge of AI security frameworks and emerging standards (OWASP LLM Top 10, NIST AI Risk Management Framework)
Experience in highly regulated industries (financial services, healthcare, government) with compliance requirements
Master's degree in relevant field
Experience with security metrics and reporting to board-level audiences
Previous experience in multi-site or distributed team leadership
Leadership Expectations
This role requires a leader who can:
Inspire and empower teams to deliver security excellence while maintaining development agility
Navigate ambiguity in a fast-paced environment with competing priorities
Build consensus across diverse stakeholder groups with differing objectives
Demonstrate servant leadership by supporting team growth and removing barriers to success
Model security-first behaviors that set the tone for the broader organization
Provide hands-on guidance to office-based security staff on professional development, escalations, and day-to-day challenges
Who we are:
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Job: Security
Job Family: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 23449