Director of Product Security

Pune, India

Qualys


Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Prevent issues from becoming incidents.

About the Role

As the Director of Product Security, you will lead our team of engineers and product security architects in driving the security posture and maturity of the products Qualys builds and delivers. This is a management role for an experienced professional with a proven track record of developing and scaling security programs and engineering solutions for SaaS platforms. You will play a critical role at an enterprise software company as you ensure the security of our products, services, and infrastructure while enabling innovation and speed in our development lifecycle.

About Qualys & Product Security 

Qualys delivers a leading-edge security platform for enterprise organizations. We process over 2 trillion security events each year across the +20 products in our portfolio. These products consume and process rich data from the more than 6 billion IPs that we scan for customers across all sectors of the global economy at organizations in +100 countries. 

What we build is important to the world. That is why the Product Security team identifies and resolves problems early, working in-line with development as both a security partner and coach. This allows us to reduce friction, increase adoption, and drive accountability by delivering a program designed to embed security into the product, champion that change, and enable continuous improvement in what we build and deliver.

 

Key Responsibilities 

Leadership and Strategy 

  • Lead and mentor a team of Security Engineers and Security Architects, fostering a culture of innovation, collaboration, and delivery. 

  • Develop the ability to work across and influence a portfolio of products to develop their product security maturity. 

  • Execute the strategic vision for Product Security as both a leader and a player.

  • Lead security architecture reviews, deliver threat modeling, and publish requirements. 

  • Collaborate with Product Management, Engineering, and DevOps teams to integrate security into the development lifecycle effectively. 

  • Work in partnership with Threat & Vulnerability management teams, Security Operations, and Governance, Risk, and Compliance leads. 

  • Act as a trusted advisor to leadership on product security risks and strategies. 

Program Management 

  • Improve and scale an existing product security program, including Secure Software Development Lifecycle (SDLC), threat modeling, security standards, design review, and security champions capabilities. 

  • Develop Product Security Maturity Model capabilities aligned to OWASP SAMM, NIST SSDF, and/or BSIMM. 

Security Engineering and Innovation 

  • Collaborate with engineering teams to develop solutions that address product security issues at scale. 

  • Identify and design security architectures and technical controls that enhance the Secure by Design experience of Qualys. 

  • Oversee the development and delivery of a Security Design Library, security standards, and a dedicated pod of engineering resources to produce capabilities and code in partnership with Engineering. 

Risk Management and Compliance 

  • Partner with Compliance teams to ensure alignment with security standards and frameworks such as FedRAMP, ISO 27001, and other frameworks. 

  • Author findings, improvement recommendations, risk registry issues, and develop business intelligence to bolster maturity in how we communicate on product security risks. 

Qualifications 

Experience

  • 10+ years in application security, with at least 5 years in product-focused SaaS platforms. 

  • 5+ years in engineering, with at least some time as a senior engineering lead. 

  • 5+ years management experience in a leadership role. 

Technical Skills

  • Expertise in web application security at an enterprise organization.  

  • Expertise in secure software development practices, secure coding standards, and application security testing. 

  • Mastery in delivering, and training others to deliver, threat models, design reviews, and security assessments.

  • Hands-on experience with modern development practices, CI/CD pipelines, containerization technologies, and both web and client-side applications such as agents and appliances.

Leadership Skills

  • Proven ability to build, scale, and lead high-performing teams. 

  • Measurable experience building capability maturity through influence. 

  • Strong stakeholder management and communication skills to work across Engineering, Product, and Executive teams. 

What We Offer 
  • Opportunity to lead and grow a critical function at a company whose reach includes protecting institutions that billions of people use every day. 

  • The ability to lead a creative, capable, and growing team so that we can do more together. 

  • Competitive salary and benefits, including performance bonuses and equity options. 


Tags: Application security BSIMM Business Intelligence CI/CD Compliance DevOps FedRAMP Governance Incident response IPS ISO 27001 NIST OWASP Product security PSIRT Qualys Risk management SaaS SAMM SDLC Security assessment Strategy Vulnerability management

Perks/benefits: Competitive pay Equity / stock options Team events

Region: Asia/Pacific
Country: India
