Define the long-term vision and technical strategy for the secure development pipeline, ensuring alignment with the overall R&D and business objectives.
Oversee the unified strategy for our tooling ecosystem (GHAS, Wiz, Terra). You will ensure these tools act as automated checkpoints, providing fast, high-fidelity feedback loops for engineers.
Transform our vulnerability management from a "ticket queue" into a risk-based model. You will own the "Risk Acceptance" and "SLA Adherence" processes, ensuring timely focus on what matters.
Design the structure, incentives, and operational logistics for the Security Champions Program to democratize secure development across 80+ squads.
Move away from annual compliance videos to contextually relevant micro-trainings enabling our engineers to develop highly secure solutions.
Build and sustain deep, trust-based partnerships with Engineering leaders and individual contributors to embed security into the software development lifecycle.
Operationalize tools and ticketing pipelines to generate and maintain "Squad Health" scores. You will use data to drive accountability.
Define and track key performance indicators (SAST/SCA remediation rates, Cloud Security Posture scores, Time-to-Fix) to measure the effectiveness of the "Secure Paved Road" and report risk reduction to executive leadership.
Translate the Product Security vision into an actionable, multi-year strategy and operating plan.
Lead, mentor, and grow a team of high-performing Product Security Engineers, fostering a culture of ownership, accountability, and automation.

Requirements

7+ years of experience in Product/Application Security, with 3+ years in a Director or Senior Manager role, preferably with a background in software engineering.
Proven track record of defining, driving, and scaling security engineering programs across large, distributed engineering organizations.
Deep, hands-on experience securing cloud native platforms with a preference for Azure, including architecting the deployment and configuration of CSPM, SAST, and SCA platforms such as Wiz, Orca, and GitHub Advanced Security.
Exceptional organizational and communication skills, with the ability to manage complex technical roadmaps, align stakeholders, and drive consensus across engineering, product, and leadership.
Experience managing security through data. You know how to define SLAs, track "burn down" rates, and present "Squad Health" metrics to engineering leaders.
A passion for shifting security "left" and a track record of implementing security-as-code and automation to achieve security at scale.
Demonstrated experience in leveraging AI in the Software Development and Product Security lifecycle.

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Product SecurityApplication SecurityCloud Security Posture Management (CSPM)Static Application Security Testing (SAST)Software Composition Analysis (SCA)Security-as-CodeAutomationData ManagementRisk ManagementPerformance Metrics

Soft Skills

Organizational SkillsCommunication SkillsLeadershipMentoringStakeholder AlignmentConsensus BuildingAccountabilityOwnershipCollaborationStrategic Planning