Grizmo Labs
Engineering Manager - Product Security (10-12 yrs)
posted 13d ago
Fixed timing
Job Description :
Responsibilities :
- Develop and maintain the company's overarching security strategy, ensuring alignment with the overall engineering and product roadmaps.
- Design and implement a comprehensive security architecture framework that integrates security controls effectively into the design of products and applications.
- Define and maintain security baselines and design patterns aligned with industry best practices and regulatory standards (e.g., OWASP, NIST, ISO 27001).
- Build, lead, and mentor a high-performing team of security engineers.
- Foster a culture of continuous learning and professional growth within the team.
- Oversee hiring, training, performance management, and career development for team members.
- Own and implement secure SDLC/DevSecOps processes across the entire product portfolio, including threat modeling, vulnerability assessments, and penetration testing.
- Guide engineering teams on the development of appropriate security standards, requirements, and technology baselines.
- Provide secure design guidance, code reviews, and security best practices to application and product development teams.
- Build and own a lightweight product security incident response process, including incident detection, investigation, and remediation.
- Define and manage risk appetite and thresholds.
- Develop and implement a comprehensive risk management plan to address identified security risks.
- Cultivate a strong security culture within the engineering organization through initiatives such as security champion programs and awareness campaigns.
- Collaborate with other departments (legal, compliance) to ensure security best practices are integrated across the organization.
Required Skills & Experience :
- 10+ years of experience in software engineering, with at least 5 years of experience in security engineering roles (Security Architect, Security Engineer, Application Security Engineer).
- Proven experience leading and mentoring security engineering teams.
- Strong understanding of security principles, vulnerabilities, and threats (OWASP Top 10, CWE/SANS Top 25).
- Experience with secure software development methodologies (Agile, DevSecOps).
- Experience with security tools and technologies (vulnerability scanners, penetration testing tools, SIEM).
- Experience with cloud security best practices (AWS, Azure, GCP).
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a cross-functional team.
- Strong leadership, mentorship, and coaching skills.
Desired Skills & Experience :
- Experience with industry security standards and certifications (ISO 27001, SOC 2).
- Experience with threat modeling methodologies (STRIDE, DREAD).
- Experience with container security and microservices architecture.
- Experience with security automation and orchestration tools.
- Relevant security certifications (CISSP, CISM, CISA).
Functional Areas: Other