Our corporate group is looking for a Product Cybersecurity Manager.
As the Product Cybersecurity Manager, you will work to provide security guidance for our product development across the organization. You’ll build and lead a team as well as working hands-on to help us advance the security of its products and provide technology and standards fostering a consistent set of security practices and principles that span the lifecycle of our advanced and connected products. You will work with and train others in secure development practices, threat modeling, penetration testing and other security techniques.
The successful candidate will deliver and execute a compelling product security strategy spanning multiple product groups and partner with leaders across our product groups to help deliver company-wide security initiatives and establish credibility as a trusted advisor. The individual selected will be a positive influencer and change agent, communicate an inspiring vision, provide technical expertise, and foster leadership to the development of solutions to meet our customer needs.
Build and lead a team of security engineering professionals who will work with engineering teams to enhance the security posture of our products in diverse product environments.
Develop and evangelize secure architecture standards and product lifecycle practices spanning multiple layers of the architectural stack.
Identify and define system security requirements.
Participate in the design computer security architectures and develop detailed cybersecurity designs and security plans.
Work closely with engineering teams to define, adopt mitigations, and develop new solutions for secure development and operations.
Evaluate, prototype, implement, and support security-focused tools and services while maintaining a strong knowledge of current security threats and operational best practices.
Lead security architecture design reviews and threat modeling for new and existing technologies related to our products.
Identify commonalities across product lines and drive creation of common security standards, practices, and tools.
Work with our Corporate IT Policy team to develop standards and best practices for security engineering.
Bachelor’s degree or equivalent.
7 - 10 years of demonstrated experience developing secure software and participating in the full software development lifecycle.
Strong knowledge of Secure Development Life Cycle frameworks such as Microsoft SDL, CLASP, SAMM or BSIMM.
Understanding of security and risk management frameworks such as NIST 800-171, CMMC, NIST 800-53, ISO 27001.
Understanding of risk assessment and management methodologies.
Strong understanding of effective threat modeling, attack tree and kill chain analysis.
Experienced and highly skilled in building and managing high performance teams.
Strong stakeholder engagement and relationship management skills.
Strong interpersonal, written, and oral communication skills.
Ability to work effectively in ambiguous situations.
Preferred Skills & Qualifications:
Information Security qualifications such as CISSP, CCSK, or CISM.
Fundamentals of Azure cloud security, architecture patterns and practices.