Key Responsibilities:
Program Management:
Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle.
Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity.
Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction.
Security SDLC and Vulnerability Management:
Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage.
Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments.
Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs), ensuring effective prioritization and swift resolution.
Cross-Functional Collaboration:
Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects.
Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders.
Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines.
Risk and Compliance Management:
Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required.
Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity.
Proactively identify and manage security risks through effective mitigation planning and ongoing tracking.
Process Improvement and Tooling:
Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness.
Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process.
Metrics and Reporting:
Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response.
Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes.
Qualifications:
Education:
Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Master’s preferred).
Experience:
8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level.
Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions.
Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices.
Technical Expertise:
In-depth knowledge of software development methodologies, including Agile and DevSecOps principles.
Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode).
Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles.
Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus).
Leadership and Collaboration:
Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders.
Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike.
Demonstrated ability to influence without authority and lead by example.
Problem Solving and Decision Making:
Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment.
Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities.
Preferred Qualifications:
Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA).
Experience with cloud security and with issue-tracking tools used for vulnerability management (e.g., Bugzilla or similar).
Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques.
Knowledge of networking and application delivery technologies (F5 experience is a plus!).
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.