Jobs · Engineering · North Carolina

Manager, Product Security Lead

SAS · Cary, NC · 3 wk ago
HybridEngineeringFull-time

About the role

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers. If you're looking for a dynamic, fulfilling career with flexibility and a world-class employee experience, you'll find it here. We're recognized around the world for our inclusive, meaningful culture and innovative technologies by organizations like Fast Company, Forbes, Newsweek and more.

Responsibilities

  • Maintain a current picture of the external threat environment, including CVEs, industry incidents, emerging attack patterns, and regulatory shifts, and proactively brief engineering leadership on what matters and why.
  • Audit external threats against the SAS portfolio in architectural context, filtering findings that are unexploitable given how Viya is built and deployed, so engineering teams stay focused on genuine risk.
  • Lead the organization's response to CVE risks from penetration tests, customer requests, and Tech Support PSIRTs, determining appropriate responses such as mitigation, compensating controls, or full remediation.
  • Lead, mentor, and direct a small team of offensive security specialists conducting internal penetration testing, validating findings, reviewing remediations, and coordinating follow-on testing.
  • Represent Global Engineering on the ISMS Board and serve as a named lead in the organization's security incident response playbook.
  • Ensure all applicable security policies and processes are followed to support the organization's secure software development goals.
  • Influence without authority: demonstrate ability to drive alignment on security priorities across large, distributed engineering organizations.
  • Architectural fluency: build genuine understanding of the systems you secure and know when you need to go deeper before rendering judgment on a finding.
  • People development: set direction for experts, evaluate their work, and make the practitioners around you more effective.
  • Penetration testing leadership, offensive security, or red team operations experience.
  • Experience with supply chain security, SBOM, and third-party risk management.
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, and SANS-25.
  • Familiarity with security governance frameworks and ISMS participation.
  • Recognized thought leadership in the security community (publications, conference contributions, open-source).

Requirements

  • Bachelor's degree with major study in Computer Science, Electrical Engineering, or related field.
  • Relevant security certifications preferred, such as GIAC certifications, CEH, CCSP, CSSLP, CISM, or CISSP.
  • Extensive hands-on experience in product security, application security, or software security engineering, with a track record of meaningful impact, not just process compliance.
  • Deep technical understanding of modern software architectures, cloud platforms, and enterprise SaaS deployment models, sufficient to evaluate security findings in architectural context, not just in the abstract.
  • Proven experience in threat intelligence, CVE management, and security incident response, including hands-on involvement in active incidents.
  • Exceptional communication skills across audiences, able to brief executives on what matters and advise engineers precisely on what to do.

Qualifications

  • Equivalent combination of related education, training, and experience may be considered in place of the above qualifications.

Additional Competencies, Knowledge And Skills

  • Influence without authority: demonstrated ability to drive alignment on security priorities across large, distributed engineering organizations.
  • Architectural fluency: you build genuine understanding of the systems you secure and know when you need to go deeper before rendering judgment on a finding.
  • People development: you set direction for experts, evaluate their work, and make the practitioners around you more effective.
  • Penetration testing leadership, offensive security, or red team operations experience.
  • Experience with supply chain security, SBOM, and third-party risk management.
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, and SANS-25.
  • Familiarity with security governance frameworks and ISMS participation.
  • Recognized thought leadership in the security community (publications, conference contributions, open-source).

Similar jobs