Job Summary
Reporting to the Head of Product & Cloud Security, the Director of Product Security will be responsible for defining and upholding the highest standards of security within our product development lifecycle. This role involves maintaining accountability for our security posture, managing remediations, and developing a strategy to modernize our people, processes, and tools. The ideal candidate will possess a deep technical understanding of security principles and practices, along with a proven track record of leading security initiatives in a dynamic environment.
Job Requirements
Define Security Standards:
- Establish and maintain comprehensive security standards and policies for product development.
- Ensure these standards are integrated into the development lifecycle from design to deployment.
Maintain Accountability for Security Posture:
- Oversee the security posture of all products and ensure compliance with internal and external security requirements.
- Implement and manage security metrics to measure and report on the effectiveness of security controls.
Reporting on Security Posture:
- Develop and deliver regular reports on the security posture of our products to senior leadership and other stakeholders.
- Provide actionable insights and recommendations based on security assessments and metrics.
Manage Remediations for Upcoming Releases:
- Collaborate with cross-functional teams to identify, prioritize, and remediate security vulnerabilities in upcoming product releases.
- Ensure timely and effective resolution of security issues to meet release deadlines.
Manage People, Processes, and Tools:
- Develop and execute a strategy to modernize the security capabilities of the organization, including people, processes, and tools.
- Stay abreast of emerging security technologies and trends, and incorporate them into the security strategy.
Deep Technical Expertise:
- Provide technical leadership and guidance on security architecture, design, and implementation.
- Conduct deep technical assessments and code reviews to identify and mitigate security risks.
Collaboration and Communication:
- Foster a culture of security awareness and collaboration across the organization.
- Communicate complex security concepts to technical and non-technical stakeholders effectively.
Key Qualifications
- Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
- 10+ years of experience in information security, with a focus on product security.
- Proven experience in defining and implementing security standards and practices.
- Strong understanding and innovative approach to secure software development lifecycle (SSDLC) principles.
- Experience with security assessment tools and methodologies.
- Excellent problem-solving skills and the ability to work under pressure.
- Strong communication and leadership skills.
- Relevant certifications such as CISSP, CISM, or CEH are a plus.
Compensation
The base salary range for this position is $213,000-$300,000 and will be determined by the candidate's location, qualifications, experience, and education. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU's), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.
Equal Opportunity Employer:
NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.
#J-18808-Ljbffr