Senior Director, Product Security
The Sr. Director of Product Security will set the overall security strategy for the Carbon Black product lines. This position is separate from but complementary to the corporate CISO, and will focus on driving the next evolution of our internal product security program. This individual will work with the product management and engineering teams to ensure that our internal product security program continues to be effective in response to the ever-changing threatscape that Carbon Black faces as we grow.
The qualified candidate will have deep technical knowledge of the security issues that surround both cloud-hosted (SaaS) service offerings and on-prem software products, and be able to communicate effectively with the product development teams, customers, and corporate CISO functions.
What You'll Do
- Validate and improve our product Secure Development Lifecycle and global regulatory compliance
- Evolve and execute product security strategy
- Recruit and manage the Carbon Black Security Response team and administer its processes
- Track to resolution open security and vulnerability items
- Define and manage secure coding practices, including code analysis and audit
- Manage external and internal penetration tests
- Manage the Carbon Black bug bounty program
- Manage internal and external vulnerability analysis programs
- Work as a complement to corporate security operations to define and maintain a cohesive monitoring and response program for all Carbon Black Cloud Hosted Services
- Work alongside Product Management to maintain, execute, and prioritize a product security feature backlog
- Ensure product continuity in the face of an attack
- Work alongside Carbon Black Threat Analysis Unit to investigate and mitigate potential bypass and exploit techniques
- Efficiently and effectively evaluate and communicate product security posture to the Carbon Black Product team, with recommendations and prioritization as required
- Manage relationships with the greater external research community in terms of responding to disclosures
What You'll Bring
The successful candidate will be deeply technical, with a focus more on engineering practices than policy application, and will also have:
- Bachelor's degree in Computer Science or a related field; Master's degree a plus
- 10-15 years of experience in both software engineering and a security-related field
- Certifications: CISSP, CISM, or related is a plus