Product Security Manager
United States
Ro
Ro is a healthcare company designed to help you meet your health goals. We connect patients with US-licensed healthcare professionals all online. Get started today. Ro was named #2 in Wellness on Fast Company's 2019 list of the World's Most Innovative Companies, listed by Inc. Magazine as a Best Place to Work in 2020 and 2021, and named one of FORTUNE's 2021 Best Workplaces In Health Care.
The Product Security Team protects the security and privacy of our patients by enabling product teams to build scalable and secure-by-design technologies. We do this by collaborating with Engineering Managers and Product Managers in devising, implementing, and communicating a well-rounded approach to application security. With direct influence on strategic initiatives at Ro, you will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions.
This role is a player-coach leadership position: managerial, while also serving as a hands-on technical expert who reveals and mitigates weaknesses in products and infrastructure. You will provide guidance to development teams that results in more secure products for our patients while driving the entire Product Security team to maintain progress on roadmapped strategic initiatives. The Product Security team scales through security partnerships and tooling/automation; you coordinate the team to make that happen. With a proven background in application security, you will provide mentorship not just to your fellow AppSec engineers but to software and infrastructure engineers across the company. This role reports directly to the Director of Product Security and will work closely with both product teams and business leaders across the company.
What You'll Do:
- Meet product teams at eye level: Lead and coordinate the Product Security team in security partnerships across the company. The team enables product teams by providing security guidance on new frameworks and technologies early in product development. As an application security expert, you’ll partner with product teams as well.
- Be preventive over prescriptive: Identify shortfalls and align product security resources in security and privacy initiatives
- Provide on-going care: Regularly review and analyze design, architectures, existing systems services, and applications from a security perspective via black box testing, code reviews, automation, threat modeling and research
- Incorporate expertise from specialists: Interact directly with the security community regarding vulnerabilities or threats through our vulnerability disclosure program and by attending AppSec conferences
- Elevate the field with knowledge: Actively promote sound application security engineering practices across the company through security education, mentor/coach fellow Product Security Engineers, drive input and proposals to application security strategy and product roadmaps
What You'll Bring:
- B.S. or M.S. in Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors, or equivalent experience
- 7+ years of application security experience such as design reviews, threat modeling, security mitigation development, and application security tooling/automation
- Knowledge and experience in various disciplines of application security, with expertise in at least one: web application security, mobile app security, network security, applied cryptography, cloud computing/infrastructure, application security-specific tooling (DAST, SAST, RASP, WAFs, etc.)
- A diverse set of leadership tools, establishing and maintaining relationships with business leaders, experience mentoring and supporting peers and engineering teams, encouraging the best engineering practices, and leading by example
- Deep knowledge of secure coding principles and the ability to conduct a comprehensive review in at least one topical area from the OWASP Application Verification Standard or Mobile AppSec Verification Standard (e.g., cryptography, injection, XSS, AuthN/AuthZ, modern identity frameworks)
- The ability to vet and provision 3rd party engineering training materials/platforms and experience building or leading a company-wide security champions program
- Experience leading a Vulnerability Disclosure Program or Bug Bounty Program through a vendor relationship
- A track record of success in securing scalable web and/or mobile applications while limiting impact to developer velocity to the extent possible
- Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Swift
- A deep understanding of how to translate product and business goals into tech and how to stay focused on the most impactful
- Excellent troubleshooting skills in a highly collaborative environment, effectively breaking down complex projects and ensuring their delivery in a timely manner
Benefits + Perks:
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- Commuter benefits
- 401(k)
- Flexible PTO
- Fitness reimbursement
- Paid maternity/parental leave
- A never-ending supply of office snacks + coffee + tea
- The cutest office dog you’ve ever seen
Tags: APIs Application security Automation Black box Cloud Computer Science Cryptography DAST JavaScript Network security Node.js OWASP Privacy Product security Python SAST Security strategy Strategy Vulnerabilities XSS
Perks/benefits: Conferences Fitness / gym Flex vacation Health care Home office stipend Medical leave Parental leave Wellness