Product Security Manager

Company Description

Elite is the leading global provider of innovative business management solutions that enable law firms and professional services organizations to streamline operations, maximize efficiency, and increase visibility into all aspects of their businesses. Our Company is focused on enabling firms of all sizes and locations to meet their true potential and provide the best service for their clients.

Job Description

The Product Security Manager is responsible for both infrastructure and application security experience including vulnerability governance, pen testing, responsible disclosure, IR & internal comms (L3), risk remediation security design reviews, workload & infrastructure tooling, and technology product security / translation of policy to operational controls selection, design, and effectiveness, MSSP liaison. 

WHAT YOU’LL DO 

• Develop and implement a comprehensive product security strategy, aligned with the organization's overall security objectives and industry standards, to mitigate risks and ensure the secure development and deployment of technology products. 

• Security Architecture: Design and oversee the implementation of security architectures, frameworks, and controls for technology products, considering factors such as threat modeling, risk assessments, and regulatory compliance. 

• Secure Development Lifecycle: Collaborate with Enterprise AppSec, DevOps, and Development teams to embed security practices within the product development process, from requirements gathering to release. Promote secure coding principles, conduct security code reviews, and assist in remediating vulnerabilities. 

• Vulnerability Management: Lead efforts to identify, assess, and prioritize vulnerabilities in technology products pre- and post-release. Coordinate penetration testing, vulnerability scanning, and code analysis activities. Work closely with development teams to remediate vulnerabilities in a timely manner. 

• Incident Response: Lead and coordinate incident response activities related to product security incidents. Establish and maintain an incident response plan in collaboration with the Enterprise SOC and ensure effective response to security incidents affecting our products. 

• Security Standards and Compliance: Stay updated on relevant security standards, regulations, and industry best practices. Ensure technology products in the software, hardware, cloud, and communications space adhere to applicable global, local and customer security requirements. 

• Team Leadership: Build and lead a high-performing product security team. Provide mentorship, guidance, and support to team members. Foster a culture of continuous learning, collaboration, and innovation. 

• Stakeholder Collaboration: Work closely with cross-functional teams, including engineering, product management, legal, and compliance, to ensure security requirements are integrated into the product development lifecycle. Collaborate with enterprise colleagues, customers, partners, and vendors to address security concerns and establish strong security partnerships. 

Qualifications

• 5+ years of professional progressive experience in product security, application security, or a similar role. 

• 5+ years of experience in a technology team leadership role. 

• 5+ years of experience in a global technology company with multiple product lines. 

• Extensive knowledge of secure software development practices, secure coding principles, and secure architecture design. 

• Experience with security requirements of or more of the following - hardware products, embedded products, IoT technologies, gateway technologies, secure technology manufacturing. 

• Proficiency in conducting threat modeling, risk assessments, and vulnerability management. 

• Familiarity with industry-standard security frameworks and regulations (e.g., OWASP, NIST, ISO 27001, PCI DSS). 

• Hands-on experience with security tools, such as static analysis, dynamic analysis, and penetration testing tools. 

• Excellent leadership and communication skills, with the ability to influence and collaborate with diverse stakeholders. 

• Experience with cloud environments, specifically AWS. 

• Keen interest in learning new and emerging technologies and passion for innovation. 

• Experience with Container security and API security tools preferred 

• Experience with a variety of open-source technologies, zero-trust methodologies and tools in product landscapes preferred. 

• Program management skills preferred. 

Additional Information

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. We are proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace. 

We also provide reasonable accommodation for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.