Listing Description

Job Title: Sr. Manager, Product Security

Reports to: CISO

Location: Remote, USA

Job Purpose:  In this role, you will drive the strategic direction and execution plans for LTK’s product and application security programs. You will lead a team of security engineers to ensure LTK products and services are built securely by design.  This position will work hand in hand with engineering and product teams and other business and security  stakeholders to identify threats, evaluate product requirements, develop security objectives and requirements, conduct security reviews assessments, and ensure secure software development, engineering, and integration. You are a technical people manager who actively coaches their team to solve complex problems, provides clarity in solving complex problems and removes roadblocks for the team to be successful.

Key Responsibilities

• Own the vision, drive the strategy and execution plan to build effective and scalable product and application security programs.


• ​​Establish and maintain product and application security hardening tools and processes, defensive coding practices, security testing and integration tools.


• Participate in relevant design and code reviews, assist with development and review of test plans to ensure effective security coverage, conduct application security assessments.


• Conduct internal and external penetration testing on LTK products and services.


• Lead and manage LTK’s bug bounty programs.


• Lead strategic technology planning to achieve business goals, including the ability to articulate ideas to both technical and non-technical groups, and business case justifications for technology and security spending initiatives for responsible areas. 


• Work with the Security Response team to coordinate response to security incidents involving LTK products and applications. 


• Define and evangelize operational policies and procedures for responsible programs.


• Partner with stakeholders and peers across the company to deliver shared outcomes that measurably improve our efficacy and efficiency to detect, recover and respond to vulnerabilities and threats.


• Drive improvements in LTK’s overall security posture leveraging information identified from security incidents, vulnerabilities and threats. 


• Maintain strong knowledge of ongoing security threats, remediations and operational best practices in the product and application security space.


• Streamline and deliver greater efficiency in the overall Security and IT organization.


• Build organizational capability by recruiting and retaining outstanding talent and providing mentorship, training, and other opportunities for professional growth and development.


• Establish credibility as a trusted advisor to stakeholders including executives, peers, and employees. 


• Create a culture of trust, innovation and accountability.


• Define and report program roadmap, status, development issues and success metrics.


• Lead effective cross-functional collaboration across groups within LTK.


• Work effectively as part of a geographically distributed team.

Requirements

• 8 + years work experience in product security, security engineering and/or software development 


• 4+ years of people management experience


• Experience leading product or application security programs for SaaS and mobile applications


• Experience implementing security solutions across the product life cycle, to include security tooling, integrations in CI/CD, etc.


• Wide technical knowledge across security, cloud security, product security, security engineering and hands on experience leading teams in software development.


• Experience managing private and public bug bounty or crowdsourced testing programs.


• Proven experience managing a highly technical and specialized engineering team responsible for secure architecture, threat modeling, development practices, security testing and various tooling. 


• Proven experience being a change agent across product, engineering and leadership teams in order to drive trust and improve our product security posture.


• Proven knowledge of engineering operations and product lifecycle process, tools and metrics.


• Ability to drive complex and cross-organizational initiatives through the influencing of and negotiation with stakeholders who at times may hold competing priorities.


• Cloud infrastructure experience (AWS preferred)


• Experience with various programming languages (Python or Golang)


• Strong analytical, process management and reporting skills


• Excellent written and verbal communication skills


• Willingness to get hands-on and work alongside with the team