Technical Project Manager - 

Application Security



The Opportunity

The Technical Project Manager - Application Security  will be an experienced professional with expertise in securing applications (cloud, mobile, computers), web applications (such as plugins), e-commerce applications, application source code and third-party tools that are used to build applications; including the ability to identify, remediate, and correct security issues in the applications within the organization. The ideal candidate will have experience working within AWS and Azure and fully understand the principles of securing applications deployed within those environments.



Essential Duties (Primary Responsibilities) include the following.

  • Develop and implement a security strategy and architecture that is high performance, reliable, scalable, low cost, omnipresent and transparent with frictionless experience for developers and users.
  • Contribute to the overall framework of security, risk and compliance at enterprise level partnering with other related functions.
  • Assess the technology and application landscape of the enterprise, working with different teams, from a security perspective
  • Create and implement a comprehensive and robust security perimeter around all the applications and tools of the organization
  • Develop in-depth security architecture, design and coding standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements
  • Develop criteria to assess and validate security risks (e.g., DLP, IDS, NERC CIP) and relevant security architectures.
  • Define, implement and govern security strategy for the software development lifecycle (SDLC) and product security maturity model.
  • Adopt a shift-left approach to security to ensure that applications are secure by design
  • Develop, implement and govern application security policies, procedures and standards
  • Integrate security practices and tools with DevOps process and CI/CD pipes, working closely with the process and tooling teams.
  • Define and implement vulnerability management practices
  • Evaluate and implement security testing tools and methodologies including Static Application Security Testing (SAST) tools, Dynamic Application Security Testing (DAST) tools, and Interactive Application Security Testing (IAST) tools in collaboration with other engineering teams.
  • Define, implement, govern and publish Application Security Controls and Metrics spanning across SDLC and product development. Create and publish metrics dashboards (BSIMM)
  • Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
  • Secure cloud-based applications and services, specifically within AWS and Azure and integration of cloud applications with on premises resources
  • Provide product security related coaching and mentoring to elevate security expertise of development teams.
  • Identify functional and technical cybersecurity requirements, integration needs and prepare cost estimates.
  • Integrate technical, managerial, and financial considerations when sponsoring solutions
  • Continuously review and enhance existing and future application security solutions.
  • Ensure risks are identified and addressed for new developments, integrations and deployments
  • Articulate application security solutions to business partners, development teams, and clients in a comprehensible manner.
  • Research information security standards, conducting system security and vulnerability analyses, and risk assessments, studying architecture/platform evolution
  • Drive open innovation in product security best practices through industry collaboration
  • Take initiative, manage own objectives through tasks from inception to completion
  • Other duties as assigned.


What someone will need to be successful in this role

  • Adhere to Berkadia’s policies and exhibit proficiency and understanding of Berkadia’s Values and position-specific skills.
  • Bachelor’s degree in Information Security, Computer Science, or related field.
  • Minimum 8 years of development background in Java, .NET or other modern higher level language. Strong knowledge of multiple technologies, platforms, and programming languages
  • Minimum of 5 years of application security experience including experience with OWASP and NIST security standards and frameworks, BSIMM as well as SOX and SOC2requirements.
  • CISSP / CSSLP / CISA / CISM / ISSAP / ISSE / Security+ or other security certifications are a plus
  • Complete understanding of application security engineering principles
  • Knowledge of common application security challenges and their remediations
  • Knowledge and experience with threat modeling, and risk assessments
  • Solid understanding of security protocols, cryptography, authentication, authorization
  • Experience working in an Agile and DevOps environment including security aspects of CI/CD
  • Experience with distributed system design
  • Ability to perform architectural, design, and code reviews with a focus on security best practices.
  • Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
  • Ability to create detailed written documentation
  • Strong critical thinking, analytical skills and attention to detail
  • Highly self-motivated and directed
  • Travel up to 20% (both domestic and international)


 Employee Benefits

  • 18 PTO days + 2 floating holidays & 10 paid holidays per year
  • Generous tuition reimbursement towards a Masters or Bachelors degree
  • 401K match up to 6%
  • 12 weeks of 100% paid paternity/maternity leave
  • Mentorship with industry professionals


Berkadia, a joint venture of Berkshire Hathaway and Jefferies Financial Group, is a leader in the commercial real estate industry, offering a robust suite of services to our multifamily and commercial property clients. Powered by deep relationships and industry-changing technology, our people sell, finance, and service commercial real estate, providing support for the entire life cycle of our clients’ assets. Our unique ownership structure allows us to put the client’s interests first and creates a marketplace that delivers a superior experience.

Applicants who require accommodations to participate in the interview process should contact the Talent Acquisition Team to arrange for such accommodations by emailing: 

Berkadia does not share salary ranges in its job postings.  Any salary-related information you see posted externally has not been provided or verified by Berkadia and may not be accurate.  

Berkadia is an equal opportunity employer and affords equal opportunity to all applicants and employees for all positions without regard to race, color, religion, gender, national origin, age, disability, veteran status or any other status protected under local, state or federal laws.

By applying to this job opportunity you are acknowledging Berkadia's Privacy Policy. Applicants have rights under Federal Employment Laws. Please click the following links for more information: EEOC, Employee Rights under the FMLA, EPPA.


Apply for this Job

* Required


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Berkadia are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.