ProdSecOps Manager

About The Position

Requirements

• 10+ years experience in Product Security, Application Security, or SecOps, including a background in formal people management or technical team leadership.
• Previous hands-on experience with the OWASP Top 10 , modern CI/CD pipelines, and cloud-native security (Go, Rust, or Kubernetes environments).
• Deep understanding of managing high-volume vulnerability programs (Bug Bounty, SAST/DAST) and the diplomacy required for successful remediation.
• Ability to translate complex technical risks into business impact for non-technical senior leadership.
• Degree in Computer Science, Cybersecurity, or equivalent leadership experience in a high-growth technology environment.

Nice To Haves

• Experience managing distributed teams in a global "follow-the-sun" model.
• Relevant industry certifications such as CISSP, CISM, or CISA.
• Familiarity with Cloudflare’s architecture, including Edge computing and Serverless environments.

Responsibilities

• People Leadership & Mentorship Growth Coaching: Directly manage and mentor a team of security engineers, focusing on their career progression from manual triage to security automation and architectural thinking.
• Technical Stewardship: Support senior engineers in designing high-level security "Guardrails" and "Secure-by-Default" libraries, ensuring technical visions align with operational workloads.
• Performance Management: Set clear KPIs for the team, focusing on signal-to-noise ratios, mean-time-to-remediate (MTTR), and researcher satisfaction.
• Vulnerability Pipeline Management: Oversee the global intake of findings from Bug Bounty platforms, SAST, DAST, and SCA. Ensure the team identifies patterns requiring systemic fixes rather than just "clearing tickets."
• Incident Escalation: Act as the primary escalation point for critical product vulnerabilities. Partner with VPs of Engineering and the CTO to decide when to accept risk for speed versus when to mandate architectural halts.
• Tooling Roadmap: Define the long-term roadmap for security automation—moving the team from manual "chasing" to automated remediation workflows and Slack/Jira integrations.
• Stakeholder Management: Partner with Product Managers and Engineering Directors to integrate security remediation into their quarterly planning and OKRs.
• Policy Design: Define and enforce "Zero Tolerance" vulnerability classes and auto-remediation rules that block insecure deployments at the Pull Request level.