Product Security Manager

Greetings of the day..!

Momento USA is a global technology consulting, talent acquisition and creative development firm that addresses clients' most pressing needs and challenges. We are currently looking for Security Product Manager - Remote

Role: Product Security Manager
Client: McAfee
Location: Remote (Anywhere in the US)
Experience: 8 10 years

About the Role:

The Product Security Manager is a strategic and hands-on leader responsible for driving product security risk reduction across the engineering organization. This role oversees a team of Product Security Engineers and partners closely with engineering leadership to ensure secure design, development, and delivery practices are embedded throughout the product lifecycle.

You will lead threat modelling initiatives, guide risk discussions with engineering leaders, and mature security controls, tooling, and governance to reduce vulnerabilities at scale. This role is ideal for a seasoned security or engineering professional who excels at building relationships, influencing technical teams, and driving security outcomes through both strategy and execution.

Key Responsibilities Leadership & Program Ownership

• Lead, mentor, and develop a high-performing team of Product Security Engineers.
• Establish and drive a product security strategy focused on measurable risk reduction.
• Set priorities, manage team workload, and ensure consistent execution across products.
• Develop KPIs and reporting mechanisms that clearly communicate security risk posture to engineering leadership and executives.

Engineering Partnership & Communication

• Serve as the primary security advisor to engineering directors, product owners, and architects.
• Communicate technical risks in clear, business-aligned terms to influence prioritization and roadmap decisions.
• Build strong relationships across engineering to promote a culture of secure-by-design development.
• Facilitate and lead cross-functional conversations on emerging risks, architectural decisions, and critical vulnerabilities.

Secure Development Lifecycle & Risk Reduction

• Oversee security integration across the product lifecycle, ensuring secure design, development, and testing practices are consistently applied.
• Lead and scale threat modeling programs for new features, services, and architectural changes.
• Drive risk assessment processes for third-party integrations, AI-powered features, and platform changes.
• Guide teams in prioritizing vulnerabilities based on exploitability, impact, and business context.

Technical Execution & Tooling

• Manage the Product Security tech stack (SAST, SCA, secret scanning, DAST, dependency management).
• Partner with engineering to tune and mature detection rules, reduce noise, and ensure findings are actionable.
• Oversee development of automation, internal tooling, and CI/CD integrations that support efficient detection, triage, and remediation.
• Ensure the team performs high-quality manual security reviews, including code analysis, architecture reviews, and targeted penetration testing where needed.

Governance, Enablement & Culture

• Drive security education, secure coding training, and engineering enablement initiatives.
• Champion NHI Governance and other product security governance programs that increase engineering accountability and reduce long-lived exposures.
• Work with cross functional stakeholders to align product security practices with organizational risk management objectives.

About the Candidate:

• Proven experience in product/application security, software engineering, or security architecture, with the ability to engage deeply in both technical and strategic discussions.
• Experience leading and developing technical security teams.
• Strong communicator capable of influencing engineering leaders and translating security risks into clear, actionable guidance.
• Hands-on understanding of secure design principles, modern application architectures, and common vulnerability classes (OWASP, cloud security, AI/LLM risks, etc.).
• Working knowledge of engineering workflows: Git/GitHub, pull requests, CI/CD pipelines.
• Familiarity with SAST, SCA, DAST, secrets scanning, dependency management, and related tooling.
• Ability to drive alignment across multiple teams and balance long-term improvements with tactical needs.
• Passionate about enabling developers to build secure products through tooling, automation, and education.

Note: Momento USA is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.