Provide Strategic Technical Leadership (40%)
Execute a forward-looking product security strategy focused on staying ahead of security and privacy threats, not reacting to incidents.
Own and mature the secure SDLC, including threat modeling, security and privacy design reviews, application security testing, software supply chain protections, and production controls.
Make sound, risk-based prioritization decisions across competing security needs, balancing long-term security investments with urgent product, engineering, and business demands.
Establish standards for securing AWS-based cloud-native systems, APIs, mobile applications, and AI-enabled features.
Translate emerging threats, abuse patterns, and regulatory expectations into actionable engineering guidance.
Drive measurable reductions in systemic risk and security debt.
Clarify security priorities and focus the team on the work that delivers the highest risk reduction and business impact.
Build and Lead a High-Performing Security Engineering Team (30%)
Build and evolve a product security organization with clear ownership boundaries and strong collaboration across Product Security Architecture and Information Security.
Coach and develop the team members to operate with increasing autonomy, fostering sound security judgment and build a culture of ownership and accountability by empowering team members to make risk informed security decisions.
Ensure roles are well-defined, impact-driven, and aligned to current and future business needs.
Set and uphold a high bar for technical depth, work quality, and follow-through.
Attract and hire exceptional security engineers committed to technical excellence and mission impact.
Provide stretch opportunities that expand scope, influence, and technical mastery.
Foster a culture where candid feedback, iteration, and growth are expected and normalized.
Build an environment where high performers thrive and are sought after across the organization.
Partner Effectively with Business Stakeholders and Technology Teams (30%)
Improve developer experience by making secure choices the default through automation and clear engineering standards.
Establish measurable indicators of security effectiveness, including remediation velocity, systemic risk reduction, and declining recurrence of vulnerability classes.
Establish security standards and guardrails for AI-enabled product capabilities.
Integrate AI-assisted tooling into security workflows to improve secure design, code review, vulnerability triage, and threat analysis capabilities.
Ensure AI tools used within engineering are adopted responsibly, securely, and with measurable impact.
Grow the culture of security and privacy within product teams through educational initiatives such as the Staying Ahead of Threats Guild.

Requirements

10+ years of experience in application, cloud, or product security, including senior leadership responsibility
Demonstrated expertise in securing SaaS and mobile products, using contemporary development frameworks, CI/CD practices, and secure coding standards.
Strong command of emerging trends in product security, including software supply chain risk, data privacy, secure SDLC, and third-party/vendor security posture management.
Strong stakeholder engagement and communication skills, with the ability to synthesize complex information and present clear options to technical and executive audiences.
Deep people leadership experience, including hiring, coaching, talent development, performance management, and fostering a culture that enables engineers to do their best work.
Exceptional planning, prioritization, and delivery skills, consistently executing against timelines and budgets in dynamic, fast-paced environments.
Willingness and ability to travel 2-3 times per year to College Board offices and other domestic or international locations, as needed.

Benefits

Annual bonuses and opportunities for merit-based raises and promotions
A mission-driven workplace where your impact matters
A team that invests in your development and success

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitycloud securityproduct securitysecure SDLCthreat modelingsecurity design reviewsapplication security testingsoftware supply chain protectionsCI/CD practicessecure coding standards

Soft Skills

strategic leadershipstakeholder engagementcommunication skillspeople leadershipcoachingtalent developmentperformance managementplanningprioritizationdelivery skills