Product Security Engineering Manager

Bugcrowd
$176,000 - $242,000

About The Position

As a Product Security Engineering Manager, you will set strategy and lead execution of our application security, platform security, and federal (FedRAMP) programs. You will grow and mentor a geographically distributed team of security engineers. If you are passionate about building secure-by-default systems, embedding security throughout engineering, and love getting your hands dirty in the technical details while empowering a team, we want to meet you.

Requirements

  • Deep Technical Background: 7+ years of experience in cybersecurity, with a focus on Product Security, Application Security, or Platform Security
  • Leadership Experience: 2+ years of experience directly managing and mentoring a team of security engineers
  • Program and Project Management: Demonstrable experience driving sustained improvement and managing complex projects that span multiple teams and business units
  • Clear Communication: Excellent communication skills with a proven ability to build strong partnerships with software engineering, DevOps, product management, and operations teams
  • Secure SDLC Mastery: Deep, hands-on experience integrating security into modern CI/CD pipelines. You are highly proficient in threat modeling, architecture reviews, implementing automated testing (SAST, DAST, SCA, Fuzzing), and SDLC program management
  • Software Engineering: Fluency in one or more modern programming languages (e.g., Python, Go, Ruby, Java) to facilitate code reviews, script automation, and build out security tooling
  • Cloud & Platform Security: Strong understanding of cloud-native architectures (AWS, GCP, or Azure), containerization (Kubernetes, Docker), Linux, and Infrastructure as Code (Terraform)
  • Compliance as Engineering: Practical experience supporting compliance requirements such as FedRAMP (preferred), PCI, SOC 2, ISO 27001, NIST 800-53

Nice To Haves

  • Previous experience managing, triaging, or actively participating in Bug Bounty programs
  • A background in building "paved roads" or secure-by-default internal libraries to eliminate entire classes of vulnerabilities
  • Experience working within a fast-paced, high-growth security or SaaS company

Responsibilities

  • Drive Team Excellence: Lead, grow, and empower a high-performing team of product security engineers, fostering a culture of engineering excellence, psychological safety, and continuous learning
  • Drive the Secure SDLC: Own and evolve our secure development lifecycle. You will drive "shift-left" initiatives across architecture reviews, threat modeling, SAST/DAST, continuous end-to-end testing, and advanced fuzzing
  • Architect Secure Foundations: Design and launch a Security Foundations program focused on secure-by-default engineering. Your goal isn't just to find bugs, but to systematically eradicate entire classes of vulnerabilities through paved roads and developer guardrails
  • Spearhead FedRAMP Initiatives: Own the security roadmap and day-to-day operations of our FedRAMP program