I'm responsible for Application Security of my company's products. It's similar to Syed Fazle Rahman in several ways (hiring, paperwork, meetings, development) but different in others.
I'm a team lead - I'm still a very technical guy and I would say that's where I do provide the most value to the organization but I also teach developers on secure coding practices, threats to look out for, I conduct code audits (blackbox and white box) and also act as a technical project manager for our external security assessments done by vendors.
I manage the bug bounty program which includes working with various developer teams to scope and place their software into the program so that security researchers will "attack" the software, find security vulnerabilities, and report them. My team then reads through those submissions, validates them (are they true or bogus???), triages them (how serious are they? What priority?), produces working exploits, and then files tickets with the proper development team for the finding.
Continuing from the above, I explain the findings to the developers and follow-through to ensure that they are noticed and addressed, as well as provide any security expertise they need to patch the problems.
Since I enjoy writing code, I also write small tools and automation programs where necessary to help facilitate the above.
The scope of the job is HUGE - one day I will be hacking wifi, another day, writing C code, another day, auditing JavaScript code, and another day speaking with the Legal team or engineering management to better understand a security problem. Additionally, the work configuration and tech stack is enormous. I have to operate on Windows, macOS, Linux, Android, embedded, cloud applications, and iOS! It can be hectic at times but the payoff in experience and fun is also gigantic. The job never gets boring and I get to learn something new every day!
I would say one big difference between this job and "standard development" is that the communication skills needed for the job are higher. Yes, all developers must be able to effectively communicate, but the integrity of what I do heavily relies upon my ability to communicate my findings and research with engineers, managers, attorneys, product or program managers, and more. It is not their main job to understand the severity and implications behind security vulnerabilities, so they rely on our team to present this information in a digestible fashion. Additionally, I have to design and write training material, then present it in meetings/trainings to all software engineering teams.
I don't like when people are bored/unhappy at work, so I also make it a point to ensure that members of my team are feeling challenged, excited, and rewarding for the work they do.