About The Position

At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands – Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies – we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production’s best ally every step of the way. #OneCastOneCrew

We are looking for a strategic and hands-on Manager, Product Security to lead our efforts in securing the products, services, and infrastructure that power the entertainment industry's payroll and financial operations. This role is critical to protecting the sensitive data and systems that our clients—major studios, streaming platforms, and production companies—rely on every day.

As the Manager of Product Security, you will build and lead a team responsible for embedding security into every phase of our software development lifecycle. You'll work at the intersection of application security, cloud infrastructure security, and DevSecOps, partnering closely with engineering, operations, and product teams to ensure that security is not an afterthought but a foundational element of everything we build.

This is a leadership role for someone who is equally comfortable setting strategic direction, mentoring team members, and rolling up their sleeves to solve complex technical security challenges. You will manage a team of security engineers and analysts, drive our DevSecOps transformation, participate in architecture reviews, and champion a "shift left" security culture across the organization.

If you're passionate about building secure software at scale, thrive in a collaborative environment, and want to make a tangible impact on an industry that touches millions of workers, we want to hear from you.

Requirements

  • 5+ years of experience in application security, cloud security, or product security roles
  • 2+ years of people management experience, including hiring, mentoring, and performance management
  • Deep technical expertise in at least two of the following areas:
      • Application security testing (SAST, DAST, penetration testing)
      • Cloud security (AWS or Azure), including IAM, network security, and CSPM
      • Secure software development lifecycle (SSDLC) and DevSecOps practices
      • Container and Kubernetes security
      • Infrastructure-as-code security (Terraform, CloudFormation)
  • Proven track record of building or scaling security programs in a fast-paced technology environment
  • Strong understanding of common vulnerabilities (OWASP Top 10) and secure coding practices
  • Experience integrating security into CI/CD pipelines and working with development teams
  • Excellent communication skills with the ability to explain complex security concepts to diverse audiences
  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience)

Nice To Haves

  • Industry certifications such as CISSP, OSCP, CEH, CSSLP, or cloud security certifications (AWS Security Specialty, Azure Security Engineer)
  • Experience in regulated industries (finance, healthcare, entertainment) with compliance requirements
  • Familiarity with secrets management solutions (HashiCorp Vault, AWS Secrets Manager)
  • Experience with security orchestration and automation (SOAR, security-as-code)
  • Knowledge of threat modeling and secure architecture design patterns
  • Experience managing bug bounty programs or working with external security researchers
  • Background in software development (Python, Go, Java, or similar)
  • Experience with SIEM, logging, and security monitoring technologies
  • Familiarity with SOC 2, ISO 27001, or NIST 800-53 compliance frameworks

Responsibilities

  • Strategic Leadership
      • Develop and execute a comprehensive product security strategy aligned with business objectives and risk tolerance
      • Define the security roadmap for all Cast & Crew products, services, and cloud infrastructure
      • Partner with VP of Engineering and product leaders to integrate security into the product development lifecycle
      • Establish and mature our DevSecOps program, driving "shift left" security practices across development teams
      • Participate in the Architecture Review Board to evaluate and approve new product designs from a security perspective
      • Define and track key security metrics, reporting progress to the CISO and executive leadership
  • Team Leadership & Development
      • Lead, mentor, and develop a team of security engineers and analysts (currently: Cloud Security Engineer and Application Security Analyst)
      • Foster a collaborative, learning-oriented team culture that balances security rigor with developer velocity
      • Conduct regular 1:1s, performance reviews, and career development planning for direct reports
      • Scale the team as the organization grows, including hiring and onboarding new security talent
      • Provide technical guidance and remove blockers to enable your team's success
  • Technical Program Management
      • Oversee cloud security posture across AWS and Azure environments, ensuring hardening and compliance
      • Manage application security testing programs including SAST, DAST, penetration testing, and bug bounty
      • Implement and optimize security tools in CI/CD pipelines to catch vulnerabilities early
      • Coordinate vulnerability management processes, prioritizing remediation based on risk
      • Lead incident response efforts for product security issues, conducting root cause analysis and implementing preventive measures
      • Ensure secrets management, container security, and infrastructure-as-code security best practices
  • Cross-Functional Collaboration
      • Work closely with engineering teams to provide security guidance without slowing down delivery
      • Partner with the GRC team on compliance requirements (SOC 2, NIST 800-53) related to product security
      • Collaborate with the Corporate Security Operations team on monitoring, detection, and response
      • Engage with third-party security researchers and coordinate responsible disclosure programs
      • Communicate security risks and priorities effectively to both technical and non-technical stakeholders

Benefits

  • Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more!