Product Security Manager
Remote, United States
Cielo ProjectsCielo is the leading global Talent Acquisition Partner. With better experience, experts & technology, we illuminate talent wherever it’s found.
Elite is the leading global provider of innovative business management solutions that enable law firms and professional services organizations to streamline operations, maximize efficiency, and increase visibility into all aspects of their businesses. Our Company is focused on enabling firms of all sizes and locations to meet their true potential and provide the best service for their clients.
The Product Security Manager is responsible for both infrastructure and application security experience including vulnerability governance, pen testing, responsible disclosure, IR & internal comms (L3), risk remediation security design reviews, workload & infrastructure tooling, and technology product security / translation of policy to operational controls selection, design, and effectiveness, MSSP liaison.
WHAT YOU’LL DO
Develop and implement a comprehensive product security strategy, aligned with the organization's overall security objectives and industry standards, to mitigate risks and ensure the secure development and deployment of technology products.
Security Architecture: Design and oversee the implementation of security architectures, frameworks, and controls for technology products, considering factors such as threat modeling, risk assessments, and regulatory compliance.
Secure Development Lifecycle: Collaborate with Enterprise AppSec, DevOps, and Development teams to embed security practices within the product development process, from requirements gathering to release. Promote secure coding principles, conduct security code reviews, and assist in remediating vulnerabilities.
Vulnerability Management: Lead efforts to identify, assess, and prioritize vulnerabilities in technology products pre- and post-release. Coordinate penetration testing, vulnerability scanning, and code analysis activities. Work closely with development teams to remediate vulnerabilities in a timely manner.
Incident Response: Lead and coordinate incident response activities related to product security incidents. Establish and maintain an incident response plan in collaboration with the Enterprise SOC and ensure effective response to security incidents affecting our products.
Security Standards and Compliance: Stay updated on relevant security standards, regulations, and industry best practices. Ensure technology products in the software, hardware, cloud, and communications space adhere to applicable global, local and customer security requirements.
Team Leadership: Build and lead a high-performing product security team. Provide mentorship, guidance, and support to team members. Foster a culture of continuous learning, collaboration, and innovation.
Stakeholder Collaboration: Work closely with cross-functional teams, including engineering, product management, legal, and compliance, to ensure security requirements are integrated into the product development lifecycle. Collaborate with enterprise colleagues, customers, partners, and vendors to address security concerns and establish strong security partnerships.
5+ years of professional progressive experience in product security, application security, or a similar role.
5+ years of experience in a technology team leadership role.
5+ years of experience in a global technology company with multiple product lines.
Extensive knowledge of secure software development practices, secure coding principles, and secure architecture design.
Experience with security requirements of or more of the following - hardware products, embedded products, IoT technologies, gateway technologies, secure technology manufacturing.
Proficiency in conducting threat modeling, risk assessments, and vulnerability management.
Familiarity with industry-standard security frameworks and regulations (e.g., OWASP, NIST, ISO 27001, PCI DSS).
Hands-on experience with security tools, such as static analysis, dynamic analysis, and penetration testing tools.
Excellent leadership and communication skills, with the ability to influence and collaborate with diverse stakeholders.
Experience with cloud environments, specifically AWS.
Keen interest in learning new and emerging technologies and passion for innovation.
Experience with Container security and API security tools preferred
Experience with a variety of open-source technologies, zero-trust methodologies and tools in product landscapes preferred.
Program management skills preferred.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. We are proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
We also provide reasonable accommodation for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security AWS Cloud Code analysis Compliance DevOps Governance Incident response ISO 27001 NIST OWASP PCI DSS Pentesting Product security Risk assessment Security strategy SOC Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development
More jobs like this
Remote - Texas Remote - Texas Full TimeSenior Senior-levelUSD 150K - 190K USD 150K+
Sr Director Analyst, Technical Expert - SOC, SIEM, Network Security, Remote - USNetwork security Privacy SIEM SOC Strategy ZTNA
401(k) matching Career development Conferences Salary bonus Startup environment +1
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs