Application Security Engineering Manager

Synthesia is the world’s leading AI video platform for business, used by over 90% of the Fortune 100. Founded in 2017, the company is headquartered in London, with offices and teams across Europe and the US.

As AI continues to shape the way we live and work, Synthesia develops products to enhance visual communication and enterprise skill development, helping people work better and stay at the center of successful organizations.

Following our recent Series E funding round, where we raised $200 million, our valuation stands at $4 billion. Our total funding exceeds $530 million from premier investors including Accel, NVentures (Nvidia’s VC arm), Kleiner Perkins, GV, and Evantic Capital, alongside the founders and operators of Stripe, Datadog, Miro, and Webflow.

Location: Europe remote or London hybrid

About the role:

As our engineering and research organisation grows, so does the complexity of securing it. Our Application Security team is at the forefront of that challenge — building AI-native security tooling, embedding security into the development lifecycle at scale, and finding ways to make a small, highly capable team punch well above its weight.

We’re looking for an Engineering Manager to lead and grow the AppSec team. This is not a coordination role. You’ll be leading a team of exceptionally senior and staff-level engineers who are deeply self-directed and technically excellent. To earn their trust and enable their best work, you’ll need to be genuinely close to the craft — able to engage at depth on threat modelling, agentic security tooling, SDLC design, and application risk. You’ll also own AppSec strategy and be accountable for how the function scales alongside a product organisation that is growing fast and leaning heavily into AI-assisted development.

Important note: Anyone working as a manager within the Infosec team will need to follow the Infosec Team Management Tenets.

Key Responsibilities:

• Lead, support, enable and grow the AppSec team — owning hiring, onboarding, performance, and career development for a team of Senior and Staff-level Security Engineers. Important to understand: we’re not looking for someone to dictate the roadmap or daily activities of the team. What we need is someone to enable the team to do what needs doing and to give them the best possible environment to do it in.

• Own the formalisation of AppSec strategy and roadmap, translating team input, business risk and engineering context into a clear, prioritised programme of work with measurable outcomes.

• Be a credible technical partner to your team — able to engage substantively on threat models, security architecture, agentic tooling design, and risk decisions, and willing to get into the details when it matters.

• Define and maintain the team’s operating rhythm: OKRs, quarterly planning, cross-team coordination, and stakeholder communication up to leadership.

• Act as a key interface between AppSec and the rest of the organisation and leadership — building relationships with business leadership, engineering leads, the Developer Platform team, Architecture Working Group, and partner functions like Legal and Moderation, to embed security into how Synthesia builds.

• Participate in maintaining and evolving Synthesia’s approach to AI-assisted development security, including how we secure our own use of agentic coding tools and how we assess the security of AI-generated code.

• Own AppSec’s relationship with the broader Security function, ensuring tight alignment between AppSec and other Infosec teams on shared risks, incidents, and cross-cutting initiatives.

• Represent AppSec externally where relevant — with customers, auditors, and in the context of compliance programmes such as SOC2 and ISO42001.

What’s in it for you:

• Lead a small, senior team with high autonomy, and focus on creating leverage rather than running a ticket queue.

• Work in a leading AI-company with high-growth and a very friendly culture. It’s a fun ride!

• Build and ship AI-native / agentic security tooling end-to-end, from prototypes to production systems that materially change how engineering works.

• Operate at the intersection of product, platform, and security architecture, with scope to shape how secure-by-default looks in a rapidly scaling AI company.

Experience & Qualifications:

You’re a Security Engineer first, who has grown into leadership. You’re comfortable in the details and know when to roll up your sleeves, but you’ve also developed the organisational instincts to run a team effectively and the strategic clarity to own a function.

• You’re a strong communicator who can operate across audiences — from deeply technical discussions with staff engineers, to clear risk framing for leadership, to pragmatic negotiation with product and engineering partners.

• You have a strong engineering background in application security, with hands-on experience in areas such as threat modelling, secure design review, (AI-)SAST/SCA tooling, vulnerability management, and/or security automation.

• You are very comfortable with Python and JavaScript. You have experience with AWS and/or GCP from a cloud infrastructure perspective, and you know your way around GitHub Actions.

• You have meaningful people management experience — you’ve hired, grown, and performance-managed security engineers, and you understand what good looks like at senior IC levels.

• You’ve led or significantly contributed to an AppSec programme in a fast-growing SaaS or AI company, ideally one where the engineering organisation was scaling faster than the security team.

• You have a genuine point of view on AI-native security engineering — how LLMs and agentic tools change the attack surface, and how to use them defensively. This space is central to what we’re building and you need to be able to lead credibly within it.

• You’ve worked in an environment with a mature engineering culture and understand how to embed security as a collaborative partner rather than a gate.

Bonus Points For:

• Experience with Kubernetes from an operational/security perspective.

• Familiarity with any of the tools in our current stack: Semgrep, Wiz, CrowdStrike, HackerOne, Claude Code, Cursor, GitHub Actions, StepSecurity

• Prior experience as a Staff or Principal security engineer before moving into management.

At Synthesia we expect everyone to…

• Be an owner

• Focus on outcomes over Inputs and Plans

• Make the journey fun

• Default to simple

You can read more about this in this public Notion page – https://synthesia.notion.site/How-we-work-at-Synthesia-f794caa72f8446efb6be22b551ce0fa2 

Benefits:

• A flexible, remote friendly role based out of Europe or one of our hubs in London, Copenhagen, Munich, or Zurich.

• 25 days of annual leave + public holidays in the country where you are based.

• A generous referral scheme.

• Work from home set up.

• At Synthesia, you can work from anywhere (within reason) in the world for up to 60 days per year!

• A huge opportunity for career growth as you’ll help shape a market-defining product.