Technical Product Management Lead

Job Description

Product Security Technical Product Management - PLMThe responsibility of the Product Security Technical Product Manager (TPM) is to drive application security strategic projects through R&D in collaboration with the PLM Security Product Manager. Key areas of focus will include maturitng security controls throughout the SDLC, enhancing Identity Access Management (IAM) and Single Sign On (SSO) capabilities in the applications, and driving inclusion of security process and controls as part of DevSecOps, as well as general security operations, as a critical component of PLM SaaS deployments. As a Product Security TPM you will continue to build up security expertise and industry knowledge to contribute to remediation of security risks, to evangelize security best practices making security a priority, to oversee the rollout of security controls in the SDLC and CI/CD pipeline, and to collaborate on security initiated projects across the development scrum teams in PLM R&D. As a representative of Product Security team collaboration and communication are key in driving security forward, working across functional areas with other TPMs and directly with the engineering teams. Expectations include a combination of both project management to deliver on complex functional projects, as well as hands-on technical security skills including knowledge of vulnerability management, secure code development practices (Java and Java Script), threat modeling, and security scanning tools (i.e. SAST, DAST, IAST, OSS). Contributions to the newly evolving PLM SaaS DevSecOps policies and practices will be a key functionality that is in direct support of the PLM business model.To be successful in this role, the candidate will have a minimum of 3 years of experience working in Product Security or as a Technical Product Manger (TPM), software development background (Java/Java Script), and an understanding of how to integrate security practices into Software-as-a-Service (SaaS) CI/CD pipeline. Candidates currently working in the Product Security or SaaS field will be given preference.Your Day-To-Day

• Define technical requirements for new IAM/SSO feature functionality in support of the IAM/SSO roadmap.
• Identify security technical requirements in support of cross-functional implementations ensuring security is built-in across the application
• Work directly with scrum teams to plan, track and oversee major complex security projects/features to ensure on-time delivery meeting release dates and cross-segment dependencies.
• Participate and contribute to the definition of the secure CI/CD pipeline for PLM SaaS operations (DevSecOps) including incident response, vulnerability management, and continuous delivery mechanisms.
• Lead vulnerability risk and severity prioritization and scoring activities across functional teams.
• Provide support to analyze and resolve key security vulnerabilities.
• Analyze and recommend strategy and direction to mitigate security risks within the development organization, continuous improvement of secure SDLC.
• Oversee the rollout of new security controls, scanning tools, and process updates, including metrics
• Contribute to critical product security incident response events.
• Collaborates in the response to Product Security related inquiries from a variety of internal and external stakeholders.
• Collaborate on the definition of product security standards, policy and processes.
• Conduct presentations in the area of cybersecurity to internal and external stakeholders.

Skills and knowledge:

• Data driven project management using tools such as Integrity, Jira, VersionOne
• Strong background in the implementation and maturity of Secure SDLC programs based on at least one industry standard framework (OWASP SAMM, BSIMM, MS SDL).
• Experience with security best practices for common authentication protocols (OpenID Connect, OAUTH, SAML, LDAP, KERBEROS, etc.).
• Experience implementing security practices in Software-as-a-Service (SaaS) CI/CD pipeline.
• Knoweldgeable with Application Containerization Technologies, including Docker Image Build capabilities, Image Security Validation, Image Signing and Attack Surface Reduction.
• Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP, MITRE ATT&CK , CERT Secure Coding Standards.
• Experience using SAST, DAST, and SCA platforms.
• Experience with the secure implementation of OAuth2 Flows: Authorization Code Flow, Client Credentials Flow, Device Code flow, etc.
• Security knowledge in the area of enterprise communication protocols and data exchange technologies, e.g.: AMQP (Advanced Message Queuing Protocol), MQTT, Web Sockets, etc.
• Experience with Product Security Incident Response.

Basic Qualifications

• Bachelor s Degree in Computer Science or STEM related field
• Minimum of 3 years working as Technical Product Manager or Product Security Engineer/Lead
• Software development experience (Java, Java Script)
• Good written and verbal communication skills.
• Knowledge of Windchill would be an added advantage but not essential.

,

Keyskills :
secure codingtechnical product managementproduct securitysecurity incident responsesecure sdlcidentity access managementdata exchangethreat modelingcomputer science