Sr. Manager, Product Security
About the role
SimpliSafe is a high-tech home security company dedicated to protecting homes and the communities they serve. We have a culture that fosters growth and innovation, encouraging our employees to take ownership of their careers.
Primary Responsibilities
- Own and drive the product security roadmap, collaborating with the CISO to define and evolve the program.
- Establish security standards and guidelines for IoT, mobile, cloud, data, and third-party integrations, staying ahead of emerging threats.
- Lead, mentor, and recruit top product security engineering talent, fostering a collaborative and inclusive environment.
- Embed security into the SDLC by leading threat modeling, architecture reviews, and championing security automation and tooling.
- Drive a vulnerability management program from identification through remediation, overseeing penetration testing and red team exercises.
- Collaborate with Engineering and Product to incorporate security throughout the product lifecycle, serving as a trusted advisor on risk and business impact.
- Represent Product Security in cross-functional planning, architecture forums, and executive briefings.
- Partner with Legal and Compliance to meet regulatory requirements and industry standards.
- Protect customer trust by ensuring the highest security standards and coordinating responsible disclosure and external vulnerability reporting.
- Contribute to customer-facing security communications when incidents or significant findings require transparency.
Qualifications
- Up to 7 years of progressive experience in information security, with at least 3 years focused on product or application security in a product-driven company.
- 3+ years of people management experience leading security engineering teams.
- Deep technical fluency in AWS and at least one or more of: IoT/embedded security, mobile security (iOS/Android), API security, and secure SDLC practices.
- Proven ability to perform and lead threat modeling, security architecture reviews, and vulnerability assessments at scale.
- Track record of building and scaling product security programs from the ground up or dramatically raising the bar in an existing one.
- Strong communicator who can translate complex security risk to both technical engineers and non-technical executives with equal clarity.
- Experience working in an Agile/DevSecOps environment; comfortable with CI/CD security tooling (SAST, DAST, SCA, container scanning).
Values
- Customer Obsessed - Building deep empathy for our customers, putting them at the core of our work, and developing strong, long-term relationships with them.
- Aim High - Always challenging ourselves and others to raise the bar.
- No Ego - Maintaining a "no job too small" attitude, and an open, inclusive, and humble style.
- One Team - Taking a highly collaborative approach to achieving success.
- Lift As We Climb - Investing in developing others and helping others around us succeed.
- Lean & Nimble - Working with agility and efficiency to experiment in an often ambiguous environment.
Pay
The target annual base pay range for this role is $159,800 to $213,000. This range represents our good-faith estimate of what we expect to pay for this role. We use a market-based compensation approach to set our target annual base pay ranges and make adjustments annually. We carefully tailor individual compensation packages, including base pay, taking into consideration employees' job-related skills, experience, qualifications, work location, and other relevant business factors. Beyond base pay, we offer a Total Rewards package that may include participation in our annual bonus program, equity, and other forms of compensation, in addition to a full range of medical, retirement, and lifestyle benefits.