Expoint – all jobs in one place

F5 Principal Technical Program Manager 
India, Telangana, Hyderabad 
291043449

Yesterday

Key Responsibilities:

  • Program Management:

    • Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle.

    • Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity.

    • Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction.

  • Security SDLC and Vulnerability Management:

    • Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage.

    • Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments.

    • Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs), ensuring effective prioritization and swift resolution.

  • Cross-Functional Collaboration:

    • Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects.

    • Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders.

    • Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines.

  • Risk and Compliance Management:

    • Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required.

    • Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity.

    • Proactively identify and manage security risks through effective mitigation planning and ongoing tracking.

  • Process Improvement and Tooling:

    • Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness.

    • Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process.

  • Metrics and Reporting:

    • Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response.

    • Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes.

Qualifications:

  • Education:

    • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Master’s preferred).

  • Experience:

    • 8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level.

    • Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions.

    • Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices.

  • Technical Expertise:

    • In-depth knowledge of software development methodologies, including Agile and DevSecOps principles.

    • Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode).

    • Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles.

    • Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus).

  • Leadership and Collaboration:

    • Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders.

    • Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike.

    • Demonstrated ability to influence without authority and lead by example.

  • Problem Solving and Decision Making:

    • Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment.

    • Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities.

Preferred Qualifications:

  • Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA).

  • Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar.

  • Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques.

  • Knowledge of networking and application delivery technologies (F5 experience is a plus!).

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.