Senior Director, Product Security

About Delinea:
Delinea is a pioneer in securing identities through centralized authorization, making organizations more secure by seamlessly governing their interactions across the modern enterprise. Delinea allows organizations to apply context and intelligence throughout the identity lifecycle across cloud and traditional infrastructure, data, and SaaS applications to eliminate identity-related threats. With intelligent authorization, Delinea provides the only platform that enables you to discover all identities, assign appropriate access levels, detect irregularities, and immediately respond to identity threats in real-time. Delinea accelerates your teams’ adoption by deploying in weeks, not months, and makes them more productive by requiring 90% fewer resources to manage than the nearest competitor. With a guaranteed 99.99% uptime, the Delinea Platform is the most reliable identity security solution available. Learn more about Delinea on Delinea.com, LinkedIn,  X, and YouTube. 

Join our passionate, global team at Delinea and help us make the world a safer and more secure place. Our success is driven by world-class product leadership, outstanding engineers, and strategic investment from TPG. We value diversity, innovation, and a culture of respect and fairness. If you're ready to push boundaries and challenge the status quo in security, we want to hear from you.
 

Apply today to help us achieve our mission.

Summary:

Delinea’s Cybersecurity organization is seeking an experienced and highly skilled Senior Director of Product Security to provide leadership and execution for industry-leading Product and Cloud Security programs. This critical leadership role will be responsible for overseeing and maturing Delinea’s Product Security function and developing best-in-class capabilities to secure Delinea’s product offerings.

The ideal candidate will be highly collaborative and customer service oriented; driven to make security integration a near-frictionless experience for our developer community. They would have deep subject matter expertise in SSDLC, DevSecOps, Product or Application Security, and Cloud Security.

This is a challenging and impactful role with security responsibilities that span multiple product offerings. You will be directly responsible for delivering a comprehensive Product Security program that includes Cloud Security, vulnerability management and penetration testing.

This role reports directly to the CISO, is based in the US, and is fully remote.

What You'll Do:

• Design and execute against a Product Security target operating model (people, process, and technology) that incorporates forward-leading agile and DevSecOps best practices.

• Set the tone for the Product Security team culture leveraging best practices in highest performing team building.

• Partner closely with peers in Product Development to integrate security while also ensuring developer enablement.

• Direct the analysis, evaluation, and enhancement of the effectiveness of Product and Cloud Security postures at procedural and technological levels.

• Use knowledge of current Product and Cloud Security best practices and industry trends to lead the implementation of Product and Cloud Security solutions.

• Provide strategic and technical leadership with respect to the development and execution of key Product and Cloud Security services to our developer community, including:

  • Performing security architecture reviews of applications in design and production phases.

  • Conducting security assessments of applications (web, cloud, mobile) using a range of manual and automated penetration testing and source code review techniques.

  • Identifying potential threats and attacks to applications systems through threat modeling and providing risk-based mitigation recommendations.

• Lead architects and engineers to:

  • Gain a deep understanding of our current state security architecture.

  • Define target state security architecture / multi-year roadmaps and execute secure designs that adhere to security standards, compliance requirements, and best practices.

  • Conduct reviews of current security measures and design enhancements.

  • Anticipate possible security threats and identify areas of weakness in the current state architecture; respond promptly and effectively to support the security operations team, as needed, with investigating possible breaches of security and root cause analysis.

  • Gather and analyze functional requirements and lead proof of concept activities with key business users and stakeholders in support of advanced use cases.

  • Work with partner organizations to understand business requirements and develop the security solutions to enable the business strategy.

• Establish and mature Vulnerability Management and Penetration testing services, ensuring alignment with business objectives and risk management strategies.

• Oversee the planning, scheduling, and resource allocation for Product Security initiatives, ensuring projects are completed on time, within scope, and on budget.

• Collaborate with Cybersecurity and other internal teams, including IT, product, and operations, to ensure Product Security initiatives meet regulatory, industry, and security standards.

• Act as the primary point of contact for all Product Security-related inquiries, escalating issues as needed to senior leadership and external stakeholders.

• Drive continuous improvement efforts within cybersecurity processes, incorporating best practices and lessons learned.

• Prepare and deliver presentations and reports to executives, stakeholders, and auditors on the status and effectiveness of Product Security and Cloud Security programs.

• Participate in customer-facing calls and review customer contracts to address Product Security-related inquiries.

What You'll Need:

• Extensive knowledge of the current Product and Cloud Security threat landscape and industry best practices.

• Proven track record of solving complex Product and Cloud Security issues and protecting products using a risk-based approach.

• Experience with establishing Secure SDLC frameworks and evaluating DevSecOps programs to determine how to embed security activities within by partnering with product teams.

• Experience working in Agile development, Product Security, Application Security, Cloud Security, DevSecOps, or DevOps role, with experience in the following technologies:

  • Containers (Docker, Kubernetes, or similar)

  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)

  • Continuous integration (Jenkins, Bamboo, or similar)

  • Integration of Security testing tools into pipeline

  • Defect tracking (Jira, Bugzilla, ServiceNow, or similar)

  • Source code management (Azure DevOps, GitHub, Gitlab, BitBucket, or similar)

  • Application security testing tools (SAST, DAST, IAST, OSA, or similar)

  • Cloud environment (AWS, Azure, or similar)

• Experience supporting recruiting, technical interview screening, and team development.

• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.

• Ability to interact with a broad cross-section of personnel to explain and enforce security measures.

• Effective executive functioning and presentation skills.

• Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related field. Master’s degree preferred.

• 12+ years of relevant experience in Product, Application, and Cloud Security, with 5 years of Product Security leadership experience preferred.

• Strong leadership, communication, and interpersonal skills, with the ability to influence stakeholders at all levels of the organization.

• Strong analytical skills with the ability to prioritize, manage competing demands, and meet deadlines.

• Minimal travel (<10%).

We'd Love to See:

• Strong understanding of cybersecurity frameworks, risk management principles, and industry standards (e.g., NIST, ISO 27001, CIS, GDPR, FedRAMP, Common Criteria).

• Cybersecurity certifications (e.g., CISSP, CISM, CSSLP, CCSP, or similar).

• Familiarity with Jira and Confluence.

• Background in Software development.

Delinea Culture & Benefits:

Why work at Delinea?

• We’re passionate problem-solvers doing our part to make the world a safer place.

• We invest in people who are smart, self-motivated, and collaborative.

• What we offer in return is meaningful work, a culture of innovation and great career progression.

At Delinea, our core values are STRONG—Spirited – Trust – Respect – Ownership – Nimble – Global – and guide our behaviors and success. We believe weaving these core values into our day-to-day actions, and our process for hiring, evaluating, and promoting employees, helps us cultivate a work environment that embraces collaboration and camaraderie.

We take care of our employees. We offer competitive salaries, a meaningful equity and bonus program, and excellent benefits, including a full suite of medical, dental, and vision insurance, as well as pension/retirement matching, comprehensive life insurance, an employee assistance program, generous discretionary time off (DTO), and paid company holidays. We support all families with paid leave for new birth, adoption, surrogacy, or foster-to-adopt primary caregivers.

Delinea is an Equal Opportunity and Affirmative Action employer and prohibits discrimination and harassment of any type with regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Upon conditional offer of employment, candidates are required to complete comprehensive criminal background check, verification of education, and verification of employment, per employment policy. In addition, all publicly posted social media sites may be reviewed.