SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 15281, Pittsburgh, PA
  3. Manager, Application & Cloud Security

Manager, Application & Cloud Security

GNC
Posted 9 days ago, valid for 16 days
Location

Pittsburgh, PA 15281, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • GNC is seeking a Manager, Application & Cloud Security with 6–10+ years of experience in Application Security, Cloud Security, or DevSecOps roles.
  • The role involves leading security strategies across applications and cloud environments while actively participating in implementation and architecture reviews.
  • This full-time position offers a hybrid work environment with three days of in-person attendance required in Pittsburgh, PA.
  • Candidates should have experience securing ecommerce platforms and a deep understanding of modern web/API threat landscapes, with a salary range of $120,000 to $150,000.
  • The successful candidate will be responsible for embedding security practices into the software development lifecycle and ensuring compliance with privacy regulations.

About GNC

Since 1935, GNC has been a global leader in health and wellness innovation, inspiring people to achieve their goals with a trusted and dynamic range of products. As #TeamGNC, we prioritize our consumers, constantly collaborating and developing new ideas to deliver cutting-edge solutions. Our team is passionate about driving change and turning aspirations into actions. We believe that good health is the greatest gift, and there's nothing more rewarding than helping others achieve it. Join us in empowering others to Live Well!

What We’re Looking For:

At GNC we embrace a “Live Well” philosophy, fostering a dynamic environment where innovation meets passion.  Whether someone is an athlete or just starting to focus on their health, we want to deliver the cutting-edge products they deserve. We are looking for an individual who is excited and eager to play a pivotal role in driving excellence in the health and wellness industry. This position offers the opportunity to engage in a collaborative environment where you will make a personal impact every day. 

GNC is undergoing a significant digital and technology transformation - modernizing our ecommerce and martech stack, building a next-generation cloud and data foundation, and evolving into a digitally enabled, member-first wellness ecosystem.

We are seeking a Manager, Application & Cloud Security to play a critical leadership role in securing this transformation. This is a hands-on leadership role. The manager will both lead security strategies across applications and cloud environments and actively participate in implementation, including tooling, architecture reviews and developer engagement.

This role will lead the design, implementation, and continuous improvement of security controls across:

  • A modern ecommerce ecosystem and an evolving martech stack
  • Store, supply Chain, merchandising, and other internal enterprise applications.
  • A new enterprise data foundation
  • Cloud infrastructure and SaaS platforms supporting global operations

This leader will partner closely with Digital Engineering, Enterprise Applications, Data & Analytics, Infrastructure, and Product teams to embed security by design into everything we build.

This is not a reactive, ticket-driven security role. We are looking for a proactive, broad-thinking, hands-on, detail-oriented security leader who can operate at both architecture and execution levels - someone who understands how modern retail platforms are built and works closely with engineering teams to secure them.

 

What You’ll Do:

This is a Full-Time Salary Position

The Manager, Application & Cloud Security is responsible for leading the strategy, implementation, and continuous improvement of security practices across the organization’s applications and cloud platforms. This role ensures that secure development practices, cloud security controls, and vulnerability management processes are embedded across the software development lifecycle (SDLC) and enterprise cloud environments.

Secure GNC’s Application Stack

  • Own and mature secure SDLC practices across the entire application stack
  • Conduct threat modeling for digital commerce, payments, loyalty, customer identity systems and beyond
  • Partner with product and engineering teams to integrate automated security testing and policy enforcement into CI/CD pipelines to enable scalable DevSecOps practices
  • Manage and optimize application security testing (SAST, DAST, dependency scanning, penetration testing) and ensure results are integrated into developer workflows
  • Build and scale a developer security program including secure coding guidance, security champions, and targeted developer training
  • Secure third-party martech integrations and vendor connections

Lead Cloud Security Architecture

  • Define and implement security controls across multi-cloud environments
  • Enforce least privilege IAM, network segmentation, container security, and workload protection
  • Partner with Infrastructure teams on secure cloud configuration and posture management Implement CSPM and runtime protection solutions

Protect the New Data Foundation

  • Collaborate with Data & Analytics teams to secure data platforms
  • Implement data classification, encryption, tokenization, and access governance
  • Secure ML pipelines and API-driven data products
  • Ensure compliance with privacy regulations (GDPR, CCPA, PCI DSS)
  • Embed Security in Transformation Programs
  • Act as security lead for ecommerce replat forming, martech consolidation, and data modernization initiatives
  • Lead security architecture reviews for new digital products, integrations, and cloud services, defining and approving secure architecture patterns
  • Establish DevSecOps standards and developer security education
  • Influence roadmap decisions with a risk-balanced, business-aware mindset

Operational Excellence

  • Monitor application and cloud security posture metrics
  • Lead vulnerability management and remediation programs
  • Establish risk-based vulnerability prioritization focused on exploitability, exposure and business impact
  • Coordinate with SOC on incident response related to applications and cloud environments
  • Conduct security reviews of new technologies and vendors
  • Other duties as assigned.

 

What Success Looks Like

Within 12–18 months, this leader will have:

  • Embedded security into our ecommerce and digital product lifecycle
  • Established a repeatable cloud security architecture framework
  • Reduced critical application vulnerabilities by >50%
  • Implemented automated security testing within CI/CD pipelines
  • Improved visibility into third-party SaaS and martech risk exposure
  • Elevated developer and product security awareness across the organization
  • Technology delivery is predictable, disciplined, and transparent
  • Priority initiatives ship on time with fewer surprises and less rework
  • Leaders have confidence in plans, forecasts, and execution commitments
  • Portfolio tradeoffs are explicit, data-driven, and aligned to strategy
  • Agile and product-led practices improve speed and quality rather than dilute accountability

Environmental Factors & Working Schedule:

  • Hybrid work environment, 3 days in-person attendance (Pittsburgh, PA) in addition to ability to work remotely.
  • Regularly required to stand; walk; sit; use hands or fingers to handle or feel; reach with hands and arms; stoop, kneel, crouch, or crawl; and talk or hear
  • Sedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.
  • Work is performed in an office environment and requires the ability to operate standard office equipment and keyboards.
  • Specific vision abilities required by this job include long periods of computer screen usage, close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus
  • The noise level in the work environment is usually low/moderate

 

*To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

 

QUALIFICATIONS:

  • 6–10+ years in Application Security, Cloud Security, or DevSecOps roles
  • Experience securing ecommerce platforms and customer-facing digital applications
  • Deep knowledge of OWASP Top 10 and modern web/API threat landscapes
  • Hands-on experience with cloud security (AWS, Azure, or GCP)
  • Familiarity with data platform security
  • Experience implementing SAST/DAST/SCA tooling
  • Retail, consumer, or ecommerce experience strongly preferred

 

TECHNICAL EXPERTISE:

  • Secure coding principles
  • API security and OAuth/JWT-based authentication models
  • Threat modeling methodologies
  • Secrets management and secure key handling
  • Cloud IAM, container security
  • CI/CD security integration
  • Vulnerability management platforms
  • Zero Trust architecture principles
  • Azure Security Engineer (certification preferred)
  • CISSP, CCSP, or equivalent (certification preferred)

 



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs