Envision Technology Solutions is seeking a Product Security Manager who will be responsible for driving product security risk reduction across the engineering organization. This role involves overseeing a team of Product Security Engineers and partnering with engineering leadership to embed secure practices throughout the product lifecycle.
Responsibilities:
- Lead, mentor, and develop a high-performing team of Product Security Engineers
- Establish and drive a product security strategy focused on measurable risk reduction
- Set priorities, manage team workload, and ensure consistent execution across products
- Develop KPIs and reporting mechanisms that clearly communicate security risk posture to engineering leadership and executives
- Serve as the primary security advisor to engineering directors, product owners, and architects
- Communicate technical risks in clear, business-aligned terms to influence prioritization and roadmap decisions
- Build strong relationships across engineering to promote a culture of secure-by-design development
- Facilitate and lead cross-functional conversations on emerging risks, architectural decisions, and critical vulnerabilities
- Oversee security integration across the product lifecycle, ensuring secure design, development, and testing practices are consistently applied
- Lead and scale threat modeling programs for new features, services, and architectural changes
- Drive risk assessment processes for third-party integrations, AI-powered features, and platform changes
- Guide teams in prioritizing vulnerabilities based on exploitability, impact, and business context
- Manage the Product Security tech stack (SAST, SCA, secret scanning, DAST, dependency management)
- Partner with engineering to tune and mature detection rules, reduce noise, and ensure findings are actionable
- Oversee development of automation, internal tooling, and CI/CD integrations that support efficient detection, triage, and remediation
- Ensure the team performs high-quality manual security reviews, including code analysis, architecture reviews, and targeted penetration testing where needed
- Drive security education, secure coding training, and engineering enablement initiatives
- Champion NHI Governance and other product security governance programs that increase engineering accountability and reduce long-lived exposures
- Work with cross-functional stakeholders to align product security practices with organizational risk management objectives
Requirements:
- Experience in leading and mentoring a team of Product Security Engineers
- Proven track record in establishing and driving a product security strategy focused on measurable risk reduction
- Ability to set priorities, manage team workload, and ensure consistent execution across products
- Experience in developing KPIs and reporting mechanisms to communicate security risk posture
- Strong communication skills to serve as a primary security advisor to engineering directors, product owners, and architects
- Ability to communicate technical risks in clear, business-aligned terms
- Experience in building relationships across engineering to promote secure-by-design development
- Experience in facilitating cross-functional conversations on emerging risks and critical vulnerabilities
- Experience overseeing security integration across the product lifecycle
- Experience leading and scaling threat modeling programs
- Experience driving risk assessment processes for third-party integrations and platform changes
- Ability to guide teams in prioritizing vulnerabilities based on exploitability and impact
- Experience managing a Product Security tech stack (SAST, SCA, secret scanning, DAST, dependency management)
- Experience partnering with engineering to tune detection rules and ensure findings are actionable
- Experience overseeing development of automation and CI/CD integrations for security
- Experience performing high-quality manual security reviews, including code analysis and architecture reviews
- Experience driving security education and secure coding training initiatives
- Experience championing governance programs that increase engineering accountability