Sr. Manager of Product Security
Minneapolis, MN
Perforce Software
Perforce, a software company, offers a wide range of enterprise DevOps solutions across the software development lifecycle.
Position Summary:
Perforce is searching for a skilled and experienced Sr. Manager of Product Security to lead the Product Security team. The ideal candidate will be responsible for leading product security initiatives within our organization, overseeing the security posture of the company's products throughout their lifecycle, and driving customer trust in Perforce’s security program while building a culture of effective security.
This role will ensure that security is deeply integrated into the development process by leading a team that conducts security assessments, vulnerability management, and threat modeling, and by working closely with product development teams to implement security controls and best practices in line with compliance goals, customer-driven requirements, and security best practices. The successful candidate will have a proven track record of implementing and maintaining Secure Software Development Lifecycle (SDLC) programs, engaging with development and product teams, and providing strategic recommendations to mitigate risks.
This role also involves continuous monitoring and reporting on the effectiveness of our security initiatives to a number of audiences, including engineering leadership, executives, and development teams.
Responsibilities:
- Lead a team of security engineers in the execution of security strategies and action plans aligned with the following responsibilities:
- Lead proactive security discussions with development teams to integrate best practices throughout the software development lifecycle.
- Conduct comprehensive application security assessments using a variety of dynamic and static testing methodologies.
- Develop and manage processes to ensure comprehensive threat modeling and security requirements analysis.
- Provide expert guidance on remediating identified security flaws and vulnerabilities.
- Stay current with evolving security threats and compliance standards to ensure continuous improvement of security measures.
- Collaborate with engineering, product management, business, and other technology stakeholders to integrate security into the software development lifecycle (SDLC).
- Oversee the validation and prioritization of vulnerabilities within services, applications, and products.
- Actively promote improvement of the security culture, standards, and education within the engineering organization to enhance security awareness and train developers and other relevant staff in secure coding practices.
- Establish metrics and regular reporting mechanisms for measuring team status and the effectiveness of the application and product security tooling program.
- Respond to security incidents and provide post-mortem analysis to illuminate the root cause and prevent recurrence.
- Keep abreast of the latest security legislation, regulations, advisories, alerts, and vulnerabilities.
- Serve as a trusted advisor to technology leadership on the advancement of product security tooling, processes, and review mechanisms.
- Conduct and manage a penetration testing program for both hardware and software platforms.
- Produce metrics reporting the state of application security programs and performance of development teams against requirements.
Requirements:
- 7+ years of experience in application security, secure software development, product security, or a related role, with at least 2 years in a managerial position.
- Strong understanding of application security frameworks, standards, and best practices (e.g., OWASP, SANS, NIST).
- Experience with secure coding practices, ethical hacking, and threat modeling.
- Knowledge of scripting and programming languages such as Python, Java, C++, JavaScript, or PHP is a plus.
- Understanding of threats, threat modeling, and the applicability to business systems.
- Intimate understanding and knowledge of the secure application development life cycle.
- Strong leadership and team management skills.
- Ability to work under pressure and make decisions independently in challenging situations.
- Strong problem-solving skills, ability to think critically and ethically.
- Security-related certifications (such as CISSP, CISM, or CEH) are a plus.
- Demonstrated ability to lead and inspire a team, fostering a culture of excellence and continuous improvement.
- Strong written and verbal communication skills, with the ability to convey complex information clearly and concisely.
Come work with us! Our team members are valued for their contributions, introduced to new opportunities, and rewarded well. Perforce combines the experience and rewards of a start-up with the security of an established and privately held profitable company. If you are passionate about the technology that impacts our day-to-day lives and want to work with talented and dedicated people across the globe, apply today!
www.perforce.com
Perforce Software is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth, pregnancy-related conditions, and lactation), gender identity or expression (including transgender status), sexual orientation, marital status, family or relationship structure, military service and veteran status, physical or mental disability, genetic information, gender identity, or any other characteristic protected by applicable federal, state, or local laws and ordinances. Perforce Software's management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, access to facilities and programs, and general treatment during employment.
Tags: Application security C CEH CISM CISSP Compliance DevOps Ethical hacking Java JavaScript Monitoring NIST OWASP Pentesting PHP Product security Python SANS Scripting SDLC Security assessment Vulnerabilities Vulnerability management
Perks/benefits: Career development Health care Insurance Team events Wellness