Manager, Product Security

Position Overview

• Location Type: Remote
• Employment Type: Full-time
• Salary: Not specified

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Founded by the industry’s leading experts on open source software, security, and cloud native development, Chainguard has built the largest library of open source software that is secure by default. Chainguard’s mission is to be the safe source for open source.

As a manager for the Product Security team, you will lead and grow Chainguard’s Product Security practice, ensuring that all Chainguard products are designed, built, and operated with security at their core. You will manage a team of product security engineers, drive high-impact initiatives, and work cross-functionally to integrate security measures into every phase of Chainguard’s software development life cycle through partnership with Engineering and Product.

Responsibilities

• Lead, manage, coach, and develop a team of Security professionals responsible for Product Security in all Chainguard products.
• Lead Product Security initiatives, ensuring alignment with organizational goals and objectives.
• Develop a broad and deep technical understanding of the services and architectures pertaining to Chainguard products.
• Contribute to the short and long-term security strategy to ensure that products are designed and built securely by design while improving the secure software development life cycle (SSDLC).
• Lead new, reoccurring, or ad-hoc security initiatives with end-to-end ownership.
• Participate in security escalations.
• Collaborate with product and engineering teams to ensure security is integrated into all aspects of the Chainguard products.
• Design and deliver internal collateral, author internal processes, and contribute to thought-leadership content to deepen security fluency across Chainguard and among our customers.
• Serve as an escalation point for critical security incidents and ensure timely remediation.

Requirements

• Secure Coding and DevSecOps Initiatives: Experience in implementing and leading DevSecOps initiatives, frameworks, and tools used for SCA, SAST, CNAPP, threat enrichment, etc.
• Agile Methodologies: Experience with Agile development/Scrum methodologies and incorporating security requirements into the SDLC (CI/CD) with product owners.
• Programming and Deployment: Experience in managing programs supporting secure code and software deployments in various languages (Python, Node.js, C#, .NET, JavaScript, Go, Ruby, GraphQL, SDK, and RESTful API design/development).
• Technical Expertise and Industry Standards Knowledge: Extensive experience in secure code reviews, business logic assessments, and application security testing. Deep understanding of network, data, and cloud security principles; and Expert knowledge of security principles, standards, and best practices.

Application Instructions

• Not specified.