Envision Technology Solutions is seeking a Lead Product Security Engineer to drive product security risk reduction across the engineering organization. This role involves overseeing a team of Product Security Engineers, leading threat modeling initiatives, and ensuring secure design and development practices throughout the product lifecycle.
Responsibilities:
- Lead, mentor, and develop a high-performing team of Product Security Engineers
- Establish and drive a product security strategy focused on measurable risk reduction
- Set priorities, manage team workload, and ensure consistent execution across products
- Develop KPIs and reporting mechanisms that clearly communicate security risk posture to engineering leadership and executives
- Serve as the primary security advisor to engineering directors, product owners, and architects
- Communicate technical risks in clear, business-aligned terms to influence prioritization and roadmap decisions
- Build strong relationships across engineering to promote a culture of secure-by-design development
- Facilitate and lead cross-functional conversations on emerging risks, architectural decisions, and critical vulnerabilities
- Oversee security integration across the product lifecycle, ensuring secure design, development, and testing practices are consistently applied
- Lead and scale threat modeling programs for new features, services, and architectural changes
- Drive risk assessment processes for third-party integrations, AI-powered features, and platform changes
- Guide teams in prioritizing vulnerabilities based on exploitability, impact, and business context
- Manage the Product Security tech stack (SAST, SCA, secret scanning, DAST, dependency management)
- Partner with engineering to tune and mature detection rules, reduce noise, and ensure findings are actionable
- Oversee development of automation, internal tooling, and CI/CD integrations that support efficient detection, triage, and remediation
- Ensure the team performs high-quality manual security reviews, including code analysis, architecture reviews, and targeted penetration testing where needed
- Drive security education, secure coding training, and engineering enablement initiatives
- Champion NHI Governance and other product security governance programs that increase engineering accountability and reduce long-lived exposures
- Work with cross-functional stakeholders to align product security practices with organizational risk management objectives
Requirements:
- Proven experience in product/application security, software engineering, or security architecture, with the ability to engage deeply in both technical and strategic discussions
- Experience leading and developing technical security teams
- Strong communicator capable of influencing engineering leaders and translating security risks into clear, actionable guidance
- Hands-on understanding of secure design principles, modern application architectures, and common vulnerability classes (OWASP, cloud security, AI/LLM risks, etc.)
- Working knowledge of engineering workflows (Git/GitHub, pull requests, CI/CD pipelines)
- Familiarity with SAST, SCA, DAST, secrets scanning, dependency management, and related tooling
- Ability to drive alignment across multiple teams and balance long-term improvements with tactical needs
- Passionate about enabling developers to build secure products through tooling, automation, and education
- Mandatory Skills: Application Security - API Security testing, Application Security (application security framework / threat modelling / Secure SDLC / DevSecOps / Application Security Architecture Review)