Product Security Engineering Manager P-050

April 4

SMASH

WebsiteLinkedInAll Job Openings

We are dedicated to hiring rockstars for the best jobs on mixed Costa Rican, Colombian and US teams.

51 - 200

Description

• The role One is seeking an experienced and dynamic Product Security Engineering Manager to lead our product security initiatives • As a key member of our team, you will play a critical role in safeguarding our applications, systems, and data • You will be responsible for a team of security engineers who perform application, platform, and cloud security functions • The team partners with product engineering squads to help them build secure solutions, while also building and delivering security roadmap capabilities to continuously mature One’s product security control environment • It is important that you are interested in directly contributing to building and maturing security capabilities while also leading the security engineering team and fostering a collaborative security culture • This role is responsible for...

Requirements

• 8+ years of experience in security roles, with a focus on application security and cloud security • 2+ years of team management experience • Deep understanding of cybersecurity principles, threat landscape, and best practices • Deep knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten), especially as they apply to TypeScript and React Native applications • Knowledge of security best practices for modern application stacks, including Kubernetes • Expertise in AWS services, including IAM, EC2, S3, Lambda, and AWS’ ecosystem of security services • Experience with API security, authentication, and authorization mechanisms • Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability to communicate these concepts to technical and non-technical partners • Certifications such as CISSP, GCLD, or GCSA are a plus

Benefits

• Developing and executing the security capabilities roadmap ensuring its alignment with product initiatives and business goals • Collaborating with cross-functional teams to integrate security practices into the software development lifecycle • Leading and mentoring a team of security engineers in both the United States and India while fostering a collaborative and innovative security culture • Setting performance goals, conducting performance evaluations, and providing ongoing feedback • Assessing and enhancing the security of our applications and APIs, and the underlying infrastructure on which they are deployed • Conducting code reviews, secure configuration reviews, and vulnerability assessments, and overseeing security testing by qualified third parties • Implementing secure coding practices, developing standards, and educating development teams • Driving the product strategy and technology roadmap for security capabilities, including automated testing tools like SAST, SCA, DAST, and CSPM • Designing, implementing, and managing infrastructure and platform security controls, especially for a modern application deployment stack to include Kubernetes and the AWS control plane • Working closely with stakeholders to prioritize security enhancements • Ensuring security solutions enable the product and business operations to comply with industry standards (e.g., ISO 27001, NIST) and regulatory requirements while meeting the product design requirements