Bugcrowd

Product Security Engineering Manager

Engineering | Full-time | Remote - US

Salary: Not listed
Work type: remote
Job type: full-time
Industry: general

About the role

Job Summary

As a Product Security Engineering Manager, you will set strategy and lead execution of our application security, platform security, and federal (FedRAMP) programs. You will grow and mentor a geographically distributed team of security engineers. If you are passionate about building secure-by-default systems, embedding security throughout engineering, and love getting your hands dirty in the technical details while empowering a team, we want to meet you.

Essential Duties and Responsibilities

  • Drive Team Excellence: Lead, grow, and empower a high-performing team of product security engineers, fostering a culture of engineering excellence, psychological safety, and continuous learning
  • Drive the Secure SDLC: Own and evolve our secure development lifecycle. You will drive "shift-left" initiatives across architecture reviews, threat modeling, SAST/DAST, continuous end-to-end testing, and advanced fuzzing
  • Architect Secure Foundations: Design and launch a Security Foundations program focused on secure-by-default engineering. Your goal isn't just to find bugs, but to systematically eradicate entire classes of vulnerabilities through paved roads and developer guardrails
  • Spearhead FedRAMP Initiatives: Own the security roadmap and day-to-day operations of our FedRAMP program

Education, Experience, Knowledge, Skills, and Abilities

Experience & Leadership

  • Deep Technical Background: 7+ years of experience in cybersecurity, with a focus on Product Security, Application Security, or Platform Security
  • Leadership Experience: 2+ years of experience directly managing and mentoring a team of security engineers
  • Program and Project Management: Demonstrable experience driving sustained improvement and managing complex projects that span multiple teams and business units
  • Clear Communication: Excellent communication skills with a proven ability to build strong partnerships with software engineering, DevOps, product management, and operations teams

Technical Skills

  • Secure SDLC Mastery: Deep, hands-on experience integrating security into modern CI/CD pipelines. You are highly proficient in threat modeling, architecture reviews, implementing automated testing (SAST, DAST, SCA, Fuzzing), and SDLC program management
  • Software Engineering: Fluency in one or more modern programming languages (e.g., Python, Go, Ruby, Java) to facilitate code reviews, script automation, and build out security tooling
  • Cloud & Platform Security: Strong understanding of cloud-native architectures (AWS, GCP, or Azure), containerization (Kubernetes, Docker), Linux, and Infrastructure as Code