Lead Product Security Engineer

Zenduty

Singapore

On-site

SGD 150,000 - 200,000

Full time

26 days ago

Job summary

A leading company in the SaaS space seeks a Director of Application and Product Security to spearhead their application security program. The role demands a strategic leader to integrate security into their product lifecycle, ensuring compliance with regulatory standards and maintaining the utmost integrity of their applications. Ideal candidates will possess extensive experience in application security, software development, and relevant education and certifications.

Qualifications

  • Extensive experience in application security within a SaaS environment.
  • Strong background in software development and security.
  • Familiarity with compliance standards such as ISO 27001, GDPR, SOC2.

Responsibilities

  • Develop and oversee application security strategies and policies.
  • Maintain knowledge of secure coding practices and application architectures.
  • Coordinate with teams for security reviews and audits.

Skills

Application Security
Risk Management
Secure Coding Practices
Interpersonal Skills
Communication Skills

Education

Bachelor's degree in Computer Science
Advanced cybersecurity certifications (e.g., CISSP, CISM)

Job description

Mission of the Position:

The Director, Application and Product Security (DAPS) will lead the application security program to ensure the integrity, confidentiality, and availability of the company's SaaS products. Responsibilities include identifying, documenting, assessing, prioritizing, sizing, and mitigating application security risks, while overseeing measures that protect company data. The role requires expert experience and skills with a proactive approach to risk management and rapid response to security threats to uphold customer trust and compliance with regulatory standards.

Responsibilities:
  • Develop and oversee the implementation of application security strategies and policies.
  • Maintain in-depth knowledge of secure coding practices, application architectures, and cloud security.
  • Handle biannual third-party penetration testing.
  • Work with development and product teams to ensure reported issues are resolved or mitigated promptly.
  • Ensure IT policies, procedures, and systems comply with industry regulations, standards, and best practices.
  • Define and implement the long-term vision, strategy, and roadmap for product and application security aligned with company objectives.
  • Integrate security into the Software Development Life Cycle (SDLC) and DevSecOps pipelines.
  • Adopt an adversary perspective to identify, prioritize, and mitigate vulnerabilities.
  • Proactively review product builds using security tools to ensure secure releases.
  • Develop security controls frameworks to support initiatives like Generative AI.
  • Collaborate with development teams on code audits, solution requirements, and technology roadmaps.
  • Coordinate with G&A, audit firms, and development teams for security reviews and audits.
  • Lead all aspects of the Secure Development Lifecycle (SDL) and application testing disciplines.
  • Stay informed about emerging threats and vulnerabilities.
  • Identify, document, assess, and mitigate application security risks; own security backlog prioritization.
  • Communicate security risks and recommendations to executive leadership.

Requirements:
  • Extensive experience in application security within a SaaS environment.
  • Strong background in software development and security.
  • Familiarity with compliance standards such as ISO 27001, GDPR, SOC2.
  • Excellent communication and interpersonal skills.
  • Bachelor's degree in Computer Science, Information Security, or related field.
  • Advanced cybersecurity certifications (e.g., CISSP, CISM) preferred.

This role involves strategic oversight and operational management of application security, emphasizing collaboration with product managers and engineers to embed security into the product lifecycle. The position requires an articulate and persuasive leader capable of serving as an effective member of the senior management team.
