A rapidly growing FinTech startup is looking for a Director of Product Security based in the United States or Canada. This position will lead a small and highly-capable team of engineers and architects and partner with DevOps and Security Operations to promote a security-first mindset within the organization. The ideal individual will be a hands-on leader, stepping in as an active player in product security engineering functions as needed.
Key Responsibilities to Include:
- Take ownership of the Product Security program, developing short and long-term plans and directly overseeing their implementation.
- Evaluate and oversee onboarding of new security tools; make recommendations for updates following industry developments.
- Lead a small team of 2-4 engineers and 1-2 architects, providing hands-on guidance as needed.
- Collaborate with software engineering/DevOps teams to adopt and maintain a Secure Software Development Lifecycle (SSDLC)
- Perform technical product security functions including but not limited to the following: code & architecture reviews, threat modeling, incident response, penetration testing, vulnerability scans, and automation.
- Serve as a figurehead for the security engineering program within the business and work with internal and external leaders to advise on security best practice.
The Ideal Director of Product Security Will Have:
- Minimum 6-8 years in highly technical security engineering/architecture roles directly related to application security, software security, cloud security (AWS, Azure, GCP), and/or information security.
- Previous experience in software development highly desired.
- In-depth knowledge of application security solutions (SAST, DAST, SCA) and industry trends.
- Knowledge of at least one coding/programming language highly desired (ie. Python, Java, Go, C++).
- Experience assessing and making recommendations to mitigate risk throughout product development and maintenance.
- Knowledge of industry compliance and secure coding standards (NIST, ISO 27001, OWASP Top 10, etc.).
- Strong communication skills and an infectious enthusiasm for security - previous leadership experience a plus, but not required.
- A B.S. in Computer Science or a related field and relevant certifications (CISSP, CEH, CSSLP, etc.)
This is an excellent opportunity for an individual who is looking to develop their role as a leader while remaining a hands-on security practitioner. The ideal candidate will have a passion for security and a desire to mentor more junior engineers/architects without micromanaging team members' individual responsibilities.
Candidates should be located in the United States. Remote optional for the right candidate, hybrid strongly preferred.
