At Pearson, we are the world’s learning company with over 24,000 employees across 70 countries. Our mission is to combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalised learning at scale. We believe that wherever learning flourishes, so do people.

In this exciting and fast-paced role, you will lead the design, implementation, and continuous improvement of Pearson’s global Application Security program, with a strong focus on technical enablement and automation. As an Application Security Manager, you’ll operate at the intersection of security engineering, DevSecOps, and cloud-native development, helping secure a diverse portfolio of hundreds of applications built across AWS, Azure, and GCP.

You’ll work closely with engineering, DevOps, SRE, and product teams to embed security into every stage of our CI/CD pipelines, ensuring that security is scalable, automated, and aligned with Pearson’s rapid adoption of AI-driven technologies.

 

What You'll Do:

Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development. Manage the local application security team and align them with the broader goals of the global Application Security organization. Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools. Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle. Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture. Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models. Translate security requirements into actionable tooling, architecture, and secure coding practices. Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software. Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring:

Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps. Solid development background — ideally in Java and JavaScript. Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection). Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles. Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM). Experience supporting and securing modern application architectures including containers and microservices. Familiarity with OWASP Top 10, threat modeling, and secure design patterns. Exceptional communication and cross-functional collaboration skills; you’re comfortable working across Dev, Ops, and Security organizations. Experience mentoring or managing a team and running security champion initiatives is a big plus. Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.