Senior Manager of Product Security

Summary

Join Perforce as a Sr. Manager of Product Security and lead a team responsible for enhancing the security posture of our products. You will oversee security initiatives throughout the product lifecycle, driving customer trust and building a strong security culture. This role involves leading security assessments, vulnerability management, and threat modeling, collaborating with development teams to implement security controls and best practices. You will also monitor and report on the effectiveness of security initiatives to various stakeholders. The successful candidate will have a proven track record in implementing and maintaining Secure Software Development Lifecycle (SDLC) programs and possess strong leadership and communication skills. Perforce offers a rewarding career with upward mobility and a collaborative work environment.

Requirements

• 7+ years of experience in application security, secure software development, product security, or a related role, with at least 2 years in a managerial position
• Strong understanding of application security frameworks, standards, and best practices (e.g., OWASP, SANS, NIST)
• Experience with secure coding practices, ethical hacking, and threat modeling
• Understanding of threats, threat modeling, and the applicability to business systems
• Intimate understanding and knowledge of the secure application development life cycle
• Strong leadership and team management skills
• Ability to work under pressure and make decisions independently in challenging situations
• Strong problem-solving skills, ability to think critically and ethically
• Demonstrated ability to lead and inspire a team, fostering a culture of excellence and continuous improvement
• Strong written and verbal communication skills, with the ability to convey complex information clearly and concisely

Responsibilities

• Lead a team of security engineers in the execution of security strategies and action plans
• Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle
• Conduct comprehensive application security assessments using a variety dynamic and static testing methodologies
• Develop and manage processes to ensure comprehensive threat modeling and security requirements analysis
• Provide expert guidance on remediating identified security flaws and vulnerabilities
• Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures
• Collaborate with engineering, product management, business, and other technology stakeholders to integrate security into the software development lifecycle (SDLC)
• Oversee the validation and prioritization of vulnerabilities within services, applications, and products
• Actively promote improvement of the security culture, standards, and education within the engineering organization to enhance security awareness and train developers and other relevant staff in secure coding practices
• Establish metrics and regular reporting mechanisms for measuring team status and the effectiveness of the application and product security tooling program
• Respond to security incidents and provide post-mortem analysis to illuminate the root cause and prevent recurrence
• Keep abreast of the latest security legislations, regulations, advisories, alerts, and vulnerabilities
• Serve as a trusted advisor to technology leadership on the advancement of product security tooling, processes, and review mechanisms
• Conduct and manage a penetration testing program for both hardware and software platforms
• Produce metrics reporting the state of application security programs and performance of development teams against requirements

Preferred Qualifications

• Knowledge of scripting and programming languages such as Python, Java, C++, JavaScript, or PHP
• Security-related certifications (such as CISSP, CISM, or CEH)

Benefits

• Medical
• Dental
• Vision
• Retirement benefits
• Life insurance
• Wellness programs
• Total time off