We are looking for a Director of Product Security to join our R&D organization and take full ownership of our company's product security initiatives. In this key leadership role, you will spearhead the development and implementation of our comprehensive security strategy, encompassing both SaaS and on-premises solutions.
Responsibilities:
Develop and lead the strategic vision to manage both internal and external risks associated with our company's products and solutions.
Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
Drive secure development lifecycle and integration of security features into all phases of software design and development, including advising on proper software architecture security standards.
Vulnerabilities management - Identify and facilitate remediation of application and cloud platform exposures and vulnerabilities, including implementation of relevant systems and tools for these purposes.
Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
Research new application security tools and technologies as requested and evaluate options that enhance security capabilities.
Lead compliance gap analysis and implementation (such as SOC2, SOC3, FedRAMP)
Work closely with R&D groups - Dev teams, Platform, DevSecOps and DevOps teams, to enhance application and platform security on all layers, including monitoring and enforcement.
Conduct periodic pen testing against our Saas Platform components.
Requirements: Extensive experience in managing security teams and leading other managers and architects - managerial experience of 5+ years
Experience collaborating with cross-functional departments, including senior leadership and C-level executives.
Extensive experience in security architecture, software development, and public cloud or SaaS platform security.
Experience in Product security, Penetration testing and threat modeling.
Vast Experience in public cloud services - IaaS, PaaS, SaaS across AWS, Azure and GCP.
Experience in securing Cloud based environments and complex topologies.
Working in large engineering organization (at least 100 engineers) responsible for a SaaS offering.
Experience with TLS \ Cryptography, Authentication technologies, IDP / SAML, WAF / Firewalls / Network security and Windows and Linux Security.
Thorough understanding of cybersecurity frameworks, such as NIST CSF, CIS CSC, etc.
Experience with implementing and maintaining cloud security tools and tech such as CSPM, EDRs, SIEM, SOC tools and more.
Experience with web & application security, familiar with OWASP frameworks, solutions, and initiatives
Experience with security solutions such as DB Firewalls, Vulnerability scanners, and RASP/DAST/SAST solutions.
Experience in implementation of Secure Development LifeCycle
Coordinate, participate and deliver threat modeling for given\new designs and architectures.
Educate key stakeholders on program, risks, and importance of security in our company's products & solutions.
Work with the business to identify, capture, escalate, and close security vulnerabilities found in our company's products.
Leverage tools to deliver vulnerability information back to the development organization for remediation.
Coordinate security risk assessments for new products & solutions through the risk assessment team
Advantages:
Experience in Software development or Engineering leading roles.
Relevant certifications such as OSCP, CISSP, CISM, CCSP advantage
Experience leading large security teams within a SaaS organization.
Experience as a CISO.
This position is open to all candidates.