Director, Product security
US, Texas, Frisco, United States
McAfee
Get the #1 AI-powered antivirus and all-in-one identity theft and privacy solutions, designed to keep your personal information private, protect against scams, and safeguard you and your family online.
Role Overview:
The Director of Product Security will lead the development and execution of the organization’s product security strategy, ensuring that all products are designed, deployed, and maintained with comprehensive security practices. The ideal candidate will be a strategic leader with extensive technical expertise in product security and a proven ability to collaborate effectively with product, engineering, and executive teams to create secure, scalable, and resilient solutions. This role will oversee a team of security professionals, working closely with cross-functional teams to integrate secure software development lifecycle (SDLC) practices, AWS Cloud security, and DevSecOps principles. Additionally, the Director will lead initiatives in risk management, threat modeling, and compliance to ensure that the organization’s products meet the highest security standards.
This is a Hybrid position located in either San Jose, CA or Frisco, TX. You will be required to be onsite on an as-needed basis, typically 1 to 6 times a month. We are only considering candidates within a commutable distance to one of the two locations and are not offering relocation assistance at this time.
About the role:
Strategy and Leadership:
Lead the security initiatives related to the design, development, and deployment of our products, ensuring they meet industry security standards and regulatory requirements (e.g., GDPR, PCI, HIPAA, SOC2).
Lead and mentor a growing product security team, fostering a culture of security excellence across the company.
Act as a strategic advisor, offering insights on industry best practices, emerging security risks and opportunities for improvement.
Security Architecture and Design:
Collaborate with product and engineering teams to integrate security into the product design and development process.
Conduct security assessments, threat modeling, and risk analysis for products and applications.
Develop and enforce secure coding standards, best practices, and security requirements.
Oversee and manage the identification, analysis, and remediation of security vulnerabilities across the product portfolio.
Ensure that security testing (e.g., static code analysis, dynamic analysis, penetration testing) is integrated into the development lifecycle.
Incident Response and Risk Management:
Lead product security incident response efforts, including investigation, containment, and remediation.
Develop and maintain risk management processes, ensuring that security risks are identified, evaluated, and mitigated appropriately.
Collaboration and Communication:
Partner with product managers, engineers, and other key stakeholders to ensure security is a priority at all stages of product development.
Communicate complex security topics effectively to non-technical stakeholders and executives.
Work with legal and compliance teams to ensure products meet regulatory requirements and industry standards.
Continuous Improvement:
Stay current with the latest security trends, tools, and technologies, applying new insights to improve product security.
Drive continuous improvement of security processes and practices, ensuring alignment with industry best practices.
About you:
Minimum of 10+ years of experience in product security, software development, or related technical fields.
At least 5 years of leadership experience managing and growing security teams.
Proven track record of developing and executing product security strategies for a variety of products in a complex technology environment.
Strong understanding of software development practices and experience working with modern development frameworks (e.g., Agile, DevOps).
Deep understanding of security vulnerabilities, threats, and mitigation strategies (e.g., OWASP Top 10, secure coding practices).
In-depth knowledge of information security frameworks, standards, and best practices.
Expertise in threat modelling, risk assessment, and incident response, with a proactive approach to identify and mitigate security risks.
Experience with secure coding practices and conducting security audits and assessments to ensure compliance with security policies.
Knowledge of cloud security principles and best practices, including securing cloud infrastructure and applications.
Hands-on experience with security tools (e.g., SAST, DAST, IAST, SCA, penetration testing, vulnerability management).
Experience with infrastructure as code (IaC) tools such as Terraform, with Linux systems, and with containerization technologies (Docker, Kubernetes).
Strong knowledge of encryption, authentication, and authorization mechanisms.
Company Overview
McAfee is a leader in personal security for consumers. Focused on protecting people, not just devices, McAfee consumer solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Bonus Program
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Tags: Agile Audits AWS Cloud Code analysis Compliance DAST DevOps DevSecOps Docker Encryption GDPR HIPAA IAST Incident response Kubernetes Linux OWASP Pentesting Product security Risk analysis Risk assessment Risk management SAST SDLC Security assessment Security strategy SOC 2 Strategy Terraform Vulnerabilities Vulnerability management
Perks/benefits: Career development Flex hours Flex vacation Health care Medical leave Parental leave Relocation support