Bugcrowd is a cybersecurity company that empowers organizations to combat security threats through a crowdsourced approach. The Product Security Engineering Manager will set strategy and lead the execution of application security, platform security, and FedRAMP programs while mentoring a distributed team of security engineers.
Responsibilities:
- Lead, grow, and empower a high-performing team of product security engineers, fostering a culture of engineering excellence, psychological safety, and continuous learning
- Own and evolve our secure development lifecycle. You will drive "shift-left" initiatives across architecture reviews, threat modeling, SAST/DAST, continuous end-to-end testing, and advanced fuzzing
- Design and launch a Security Foundations program focused on secure-by-default engineering. Your goal isn't just to find bugs, but to systematically eradicate entire classes of vulnerabilities through paved roads and developer guardrails
- Own the security roadmap and day-to-day operations of our FedRAMP program
Requirements:
- 7+ years of experience in cybersecurity, with a focus on Product Security, Application Security, or Platform Security
- 2+ years of experience directly managing and mentoring a team of security engineers
- Demonstrable experience driving sustained improvement and managing complex projects that span multiple teams and business units
- Excellent communication skills with a proven ability to build strong partnerships with software engineering, DevOps, and product management teams, and operations teams
- Deep, hands-on experience integrating security into modern CI/CD pipelines
- Highly proficient in threat modeling, architecture reviews, implementing automated testing (SAST, DAST, SCA, Fuzzing), and SDLC program management
- Fluency in at least one or more modern programming languages (e.g., Python, Go, Ruby, Java) to facilitate code reviews, script automation, and build out security tooling
- Strong understanding of cloud-native architectures (AWS, GCP, or Azure), containerization (Kubernetes, Docker), Linux, and Infrastructure as Code (Terraform)
- Practical experience supporting compliance requirements such as Fedramp (preferred), PCI, SOC2, ISO27001, NIST 800-53
- Previous experience managing, triaging, or actively participating in Bug Bounty programs
- A background in building 'paved roads' or secure-by-default internal libraries to eliminate entire classes of vulnerabilities
- Experience working within a fast-paced, high-growth security or SaaS company