Product Security Manager

ID
2025-1806
Category
Information Security
Position Type
Regular Full-Time
Min
USD $110,000.00/Yr.
Max
USD $130,000.00/Yr.

Overview

The Product Security Manager is an individual with a solid hands-on technical understanding of enterprise security solutions, cloud infrastructure and services platforms (AWS & Azure), the latest security regulations, security best practices, and security threats. In this individual contributor role, you will support various security initiatives for commercial software products from development through deployment and ongoing maintenance. You’ll work with cross-functional teams to protect our products and users from emerging security threats throughout the security development lifecycle. This person assists the security team in improving security measures, maintaining and enforcing security policies, and ensuring compliance.

Duties & Responsibilities

  • Define and enforce security requirements for software products, features, and components. Ensure security considerations are included in the product roadmap and development plans
  • Design, perform, and maintain security analysis on commercial products throughout the product lifecycle including controls assessments, threat modeling, privacy impact assessments, SAST, DAST, and third-party application penetration testing
  • Identify, assess, and prioritize product security risks
  • Collaborate with cross-functional teams to perform vulnerability management of identified risks and implement strategies for mitigating identified risks
  • Work cross-functionally to ensure that security tooling is embedded in the product CI/CD pipelines to adopt shift left security
  • Collaborate with product, engineering, and other stakeholders to lead WAF deployments and adoption initiatives as they relate to commercial products
  • Track and report on product security performance, including effectiveness of security measures, incidents, and ongoing security improvements
  • Participate in incident response activities as they relate to application security

Skills Required

  • Technical proficiency with software engineering methodologies such as peer reviews and continuous integration
  • Technical experience in OWASP web application and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks
  • Experience with technical threat assessments and threat modeling of software applications and hardware devices using tools such as Microsoft Threat Modeling tool
  • Experience with technical vulnerability discovery using tools such as Burp Suite, GitHub Advanced Security, Qualys, and Tenable
  • Experience with industry standards and compliance standards such as NIST, HIPAA, and OWASP
  • Experience with penetration testing tools and methodologies
  • Experience with vulnerability management
  • Experience with scripting languages such as PowerShell, Python, or Perl
  • Solid understanding of web applications, web servers, application firewalls, and protocols with respect to web application development, deployment, and operation
  • Knowledge of web technologies and concepts
  • Understanding of AWS and Azure cloud technologies
  • Understanding of Web Application Firewalls including Barracuda, AWS, and Cloudflare
  • Understanding of TCP/IP, web protocols and networking concepts
  • Understanding of PKI Technology
  • Understanding of incident response processes

Required Education, Experience, Skills and Abilities:

  • University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
  • Minimum of 4-5 years of relevant corporate information security industry experience
  • Healthcare technology industry experience is a bonus
  • One or more of the following certifications: CISSP, CSSLP, CISM, CCSP
  • Knowledge of cybersecurity frameworks and relevant regulatory requirements
  • Proven technical experience in Threat Modeling, Risk Assessment, and Security Lifecycle Management
  • Technical understanding of systems, applications, and databases
  • Technical expertise in cloud infrastructure and services platforms (AWS and Azure preferred)
  • Excellent communication skills at all organizational levels
  • Strong project management and time management skills
  • High level of personal integrity and ability to professionally handle confidential matters
  • Capable of acting calmly and managing incidents under high pressure and stress
  • Capable of multitasking in a fast-paced, multifaceted environment
  • Ability to work well with customers, peers, and management
  • Proficient with the Microsoft Office Suite, Visio, and SharePoint

Preferred Education, Experience, Skills and Abilities:

  • Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
  • 5-7 years of relevant corporate information security industry experience
  • AWS Cloud Security and/or Microsoft Azure Security certifications are a plus
  • Familiarity with DevOps toolchain (e.g. Terraform, Jenkins)
  • Familiarity with cloud security, including but not limited to CSPM, CASB, DLP, IAM, and vulnerability management
  • Familiarity with technical skills in enterprise security and networking protocols
  • Demonstrated experience and knowledge of relevant regulatory and security framework requirements, such as The U.S. Health Insurance Portability and Accountability Act (HIPAA) and NIST 800 and ISO/IEC 27001/27002
  • Previous working experience in healthcare technology environments
