TraceLink - Senior Product Security Lead (3-6 yrs)

About the job

Company overview:

TraceLink's software solutions and Opus Platform help the pharmaceutical industry digitize their supply chain and enable greater compliance, visibility, and decision making.

It reduces disruption to the supply of medicines to patients who need them, anywhere in the world.

Founded in 2009 with the simple mission of protecting patients, today Tracelink has 8 offices, over 800 employees and more than 1300 customers in over 60 countries around the world.

Our expanding product suite continues to protect patients and now also enhances multi-enterprise collaboration through innovative new applications such as MINT.

Tracelink is recognized as an industry leader by Gartner and IDC, and for having a great company culture by Comparably.

As part of the Security team, this individual will lead the product security team to advance the security of TraceLink's applications and supporting infrastructure.

The role is responsible for providing the vision and leadership to continually improve security maturity from Design to Production through strong partnership with the Product and Cloud Operations organizations.

Additionally, this hands-on role will assist with integration, management, and development of additional tooling needed to evaluate and enforce TraceLink's security standards.

Responsibilities:

- Define goals and objectives related to product security, prioritize work, and allocate resources

- Manage the day-to-day activities of product security team members focused on the applications, platforms, and supporting infrastructure of TraceLink's SaaS and PaaS solutions

- Build, maintain, and optimize integration of security practices and tooling into the software development lifecycle

o Secure architectures and requirements

o Threat modeling

o Secure coding practices

o Manual and automated code reviews

o Analyze results from automated tools

o Security assessments / white box testing

- Identify and evaluate product security risks and work with stakeholders to remediate or mitigate

- Maintain product security related policies, standards, and procedures

- Evaluate an implement emerging technologies that provide additional business value

- Drive continual innovation, improvements, and maturity to the SDLC with new practices, toolsets, and automation

- Maintain expertise in application security and new threat vectors

- Coordinate third party security testing of TraceLink's solutions

- Participate in investigations, triage, and remediation for security events and incidents

- Support the company's certifications and attestations through day-to-day practices and championing of policies, procedures, and controls to others

- Mentor other members of the Product Security team and support their ongoing development

Required Skills and Qualifications

- Demonstrated leadership experience with initiatives/programs and teams

- Excellent verbal and written communication skills to effectively and clearly engage various levels in the organization

- Ability to organize, prioritize, manage, and delegate work in support of assigned objectives.

Strong project management skills to ensure successful on-time delivery.

- Demonstrable knowledge and experience with security concepts and tooling in the use of designing, building, and testing secure applications and systems.

- Demonstrable experience developing cross-functional programs and collaborating with other disciplines to for inclusion of security into the software development lifecycle

- Experience with performing threat modeling or other risk identification techniques

- Experience with managing and integrating SAST, SCA, and DAST testing tools, as well as performing penetration testing

- Excellent understanding of OWASP Top 10, including avoidance and remediation techniques

- Excellent knowledge of secure coding practices in Java and/or JavaScript

- Excellent analytical and problem-solving skills

Preferred Skills and Qualifications

- Familiarity with AWS services

- Knowledge of microservices architecture and supporting technologies

- Passionate about learning new technologies

- Experience working with Agile/Scrum development methodology

- Experience automating tasks and analysis

- Bachelor's/masters degree in Computer Science, Information Systems Security, Business Administration or related field, or equivalent experience

- CISSP, CCSP, CEH, CSSLP, CKS, AWS Security, OffSec, SANS Security, and other industry and vendor-specific security certifications