Product Security Manager
Northwood · Torrance, CA · 5 days ago
Information TechnologyFull-time
Responsibilities
- Own application security across the full software development lifecycle, ensuring security requirements are defined, validated, and enforced from design through production release.
- Conduct security architecture reviews and threat modeling for new product features, platform changes, and third-party integrations.
- Establish and maintain secure coding standards, security review gates, and developer security training programs.
- Serve as the primary security liaison for product engineering teams, translating compliance and security requirements into actionable engineering guidance.
- Deploy, manage, and continuously improve static application security testing (SAST) and dynamic application security testing (DAST) tooling integrated into development workflows.
- Own the vulnerability management program end-to-end: discovery, triage, prioritization, remediation tracking, and reporting across product and infrastructure systems.
- Conduct and coordinate penetration testing against Northwood's products and infrastructure, including scoping, execution, findings management, and remediation validation.
- Build and maintain container security scanning, dependency analysis, and software composition analysis (SCA) pipelines.
- Integrate automated security validation and policy enforcement into CI/CD pipelines, ensuring security controls do not impede engineering velocity.
- Own secrets management infrastructure, including deployment, policy configuration, access controls, and audit logging for platforms such as HashiCorp Vault.
- Implement and enforce controls for secure artifact management, signing, and supply chain integrity across build and deployment pipelines.
- Review and harden Infrastructure as Code, GitOps workflows, and deployment automation for security misconfigurations and policy violations.
- Design and implement cryptographic controls for data at rest, data in transit, and satellite communication protocols, ensuring alignment with NIST standards and government customer requirements.
- Evaluate and advise on cryptographic library selection, key management architecture, and certificate lifecycle management.
- Identify and remediate cryptographic weaknesses across product systems, including legacy protocol usage, weak cipher configurations, and improper key handling.
Qualifications
- 5+ years in product security, application security, or a closely related security engineering discipline, with demonstrated technical leadership experience.
- Deep expertise in SAST and DAST tooling, including tool selection, integration into CI/CD pipelines, and results-driven vulnerability remediation programs.
- Hands-on experience conducting or coordinating penetration testing engagements, including scoping, execution, and remediation validation.
- Strong applied cryptography knowledge, including symmetric and asymmetric encryption, PKI, key management, and secure protocol design.
- Experience owning vulnerability management programs, including prioritization frameworks, SLA enforcement, and executive reporting.
- Proficiency with secrets management platforms such as HashiCorp Vault, including policy design and access control architecture.
- Experience securing CI/CD pipelines and GitOps workflows, including IaC security review and automated security gate implementation.
- Proficiency in one or more general-purpose programming languages (Python, Go, Rust, or equivalent).
- Familiarity with government compliance frameworks including NIST 800-171, CMMC, and FedRAMP.
- Ability to obtain and maintain a TS/SCI clearance.
- U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.