AMISEQ is focused on Product Security Operations, and they are seeking a Security Operations Engineer to manage and remediate third-party and open-source risks. This role requires a combination of technical depth and the ability to navigate complex organizational structures to lead the strategic management of external dependencies.
Responsibilities:
- Third-Party Library Management: Act as a technical lead for managing external dependencies, driving the strategy and execution for upgrades and patching across multiple product lines
- Cross-Functional Orchestration: Work closely with stakeholders across Engineering, Product Management, and DevOps to prioritize security requirements and align them with existing release roadmaps
- Policy & Requirements Articulation: Translate high-level security policies into clear, actionable product requirements and technical guidance that development teams can implement effectively
- Operational Visibility: Leverage data, including Software Bill of Materials (SBOM) and asset intelligence, to identify systemic risks in the supply chain and report on remediation progress to leadership
- Initiative Management: Drive security projects with a focus on clear ownership, milestone tracking, and proactively resolving conflicts in priority to ensure successful delivery
Requirements:
- 5+ years in Security Operations, DevSecOps, or Product Security, with a track record of managing and reducing security debt in complex environments
- A proven ability to communicate technical security risks to various audiences and build consensus across disparate engineering teams
- Experience interpreting security policies and turning them into practical, technical requirements for developers
- A deep understanding of the software development lifecycle (SDLC) and the complexities involved in upgrading core libraries in a large-scale environment
- Exceptional organizational skills and the ability to manage complex, multi-quarter security initiatives from start to finish
- Proficiency in scripting (e.g., Python, Go) to automate the tracking of library versions and vulnerability status
- Familiarity with supply chain security standards (such as SBOM/VEX) and SCA (Software Composition Analysis) tooling
- Experience in a global, distributed environment where managing cross-functional dependencies is a core part of the culture
- A background in Technical Program Management (TPM) or Engineering Management