Overview: We are seeking a highly experienced and dynamic Product Security Engineering Manager to lead our product security initiatives. This role is critical in ensuring that our software products are secure by design and robust against emerging threats. The ideal candidate will have a deep technical background in product security, hands-on experience in implementing security solutions, and a strategic mindset for leading security programs.
Key Responsibilities:
- Develop and execute a comprehensive security strategy aligned with business goals and regulatory compliance.
- Oversee the security engineering team, providing guidance, support, and mentorship.
- Collaborate with product teams from inception to ensure security is embedded throughout the development lifecycle.
- Design and implement security architectures for software products.
- Conduct thorough security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities.
- Drive the implementation of security features within products, ensuring they meet security standards without compromising usability.
- Advocate for security best practices within product development cycles, influencing product roadmaps.
- Stay abreast of the latest cybersecurity trends, threats, and technologies.
- Innovate and introduce new security solutions or methodologies to improve product security posture.
- Recruit, train, and retain top security talent.
- Foster a culture of security awareness and continuous learning within the team and broader organization.
- Ensure compliance with relevant security standards (e.g., ISO 27001, SOC 2, GDPR).
- Develop and maintain security policies, guidelines, and procedures.
- Regularly report to senior management and the board of directors on security status, risks, and strategies.
- Work with legal, compliance, and other departments to ensure holistic security across the organization.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or related field. Master’s degree or equivalent experience preferred.
- 10+ years in software development or IT security, with at least 5 years in a managerial role.
- Proven track record in securing software products, including hands-on experience with development and deployment in AWS environments.
- Proficiency in programming languages relevant to security (e.g., Python, Java, C#).
- Strong understanding of cryptographic practices, secure coding, and application security.
- Certifications like CISSP, CISM, or AWS Certified Security - Specialty are highly desirable.
- Excellent communication skills with the ability to convey complex security concepts to non-technical stakeholders.
- Strategic thinker with a proactive approach to problem-solving.
- Leadership qualities with a track record of leading high-performing teams.
- Experience with CI/CD pipelines and integrating security into DevOps practices.
- Familiarity with incident response and disaster recovery planning.