About the role:
As a lead in product security, you will play a pivotal role in championing security throughout the entire product development lifecycle. You will collaborate with engineering, product management, and other stakeholders to identify and mitigate security risks, ensuring our products are built with security and compliance in mind.
What You Will Be Doing:
- Lead and participate in security assessments, threat modeling, and penetration testing activities for new and existing products.
- Define and implement a comprehensive product security strategy, aligning it with business objectives and industry best practices.
- Develop and maintain secure coding practices and security engineering standards for the development team.
- Automate repetitive processes and write internal tools to boost productivity and visibility
- Foster a culture of security awareness within product teams and educate them on security best practices.
- Collaborate with product managers to integrate security considerations into the product development lifecycle.
- Stay up-to-date on the latest security threats and vulnerabilities and proactively address them.
- Manage and prioritize product security vulnerabilities, working with engineering teams to implement effective remediation plans.
- Develop and maintain security documentation, including threat models, security requirements, and incident response plans.
- Track and report on product security metrics and communicate the security posture of products to stakeholders.
- May participate in security incident response activities and provide guidance on mitigation strategies.
What You Will Need for this Position:
- Minimum 5+ years of experience in product security or a related field.
- Proven experience in security assessments, threat modeling, code reviews, and penetration testing methodologies.
- In-depth understanding of secure coding practices and secure software development life cycle (SDLC) principles.
- Scripting experience in Bash, Python, etc.
- Experience in AWS infrastructure security will be an added advantage
- Excellent communication, collaboration, and interpersonal skills with the ability to effectively influence cross-functional teams.
- Strong analytical and problem-solving skills.
- Ability to prioritize tasks and manage multiple projects simultaneously.
- A passion for building secure products and fostering a security-conscious culture.
- Experience with common security tools and frameworks (e.g., OWASP, CWE) a plus.
- Certifications in security (e.g., OSCP) is a plus.