We are seeking a highly motivated and experienced Manager of Product Security to lead and strengthen our security engagement with the Product Development and Operations organizations. This role provides both the vision and hands-on leadership for ensuring that security practices, principles, and tooling are seamlessly integrated throughout the Software Development Life Cycle (SDLC). The Manager will serve as a trusted advisor to product teams, providing expert consultation and guidance, while also overseeing testing and validation of products to proactively identify and mitigate security risks.

Key Responsibilities
• Lead and mentor the Product Security team, setting goals, priorities, and resource plans. Define key metrics to measure the effectiveness of product security efforts, ensuring security is both a driver of product trust and not a bottleneck for innovation.
• Partner with Product Management, Engineering, DevOps, and Cloud Operations teams to integrate security throughout the SDLC and drive security as a business enabler. Provide training, mentorship, and guidance to elevate overall security awareness and maturity.
• Define, promote, and facilitate secure design practices, threat modeling, secure coding, and security testing standards.
• Oversee and perform code reviews, security testing (SAST, SCA, DAST), penetration testing, and vulnerability analysis. Manage and optimize the associated tools to ensure coverage, accuracy, scale, and speed. Coordinate independent testing.
• Identify, assess, and mitigate product security risks across applications, platforms, and supporting infrastructure working with the relevant teams.
• Stay current with evolving security threats, technologies, and industry practices, ensuring our products and processes remain resilient and competitive. Maintain, evolve, and promote product security policies, standards, and procedures as needed.
• Support TraceLink’s security certifications, attestations, and compliance requirements through daily practices.
• Provide expert input during investigations and incident response activities.

Qualifications
Required
• Demonstrated leadership experience managing security initiatives and teams.
• Demonstrated ability to collaborate effectively with cross-functional teams in agile environments.
• Excellent communication skills with the ability to advise non-technical stakeholders and influence product strategies.
• Strong technical foundation in secure development practices, application architecture, common vulnerabilities (OWASP Top 10, CWE, CVE), and modern software deployment models (cloud-native, containerized, CI/CD pipelines).
• Hands-on experience with secure application design, development, and testing. Familiar with use and management of associated tooling (SAST, SCA, DAST, penetration testing). Strong understanding of secure coding practices, especially in Java and JavaScript.

Preferred
• Familiarity with AWS services and cloud-native security best practices.
• Experience with microservices architecture and supporting technologies.
• Experience working with Agile/Scrum software development methodologies.
• Industry certifications (e.g., CSSLP, CCSP, Offensive Security, SANS Security, AWS Security).
• Bachelor’s degree in Computer Science, Security, or related field—or equivalent experience.