Expoint - all jobs in one place


McAfee Director, Product Security
United States, Texas, Frisco 
90205241

Yesterday
This is a Hybrid position located in either San Jose, CA or Frisco, TX. You will be required to be onsite on an as-needed basis, typically 1 to 6 times a month. We are only considering candidates within a commutable distance to one of the two locations and are not offering relocation assistance at this time.


About the role:

  • Strategy and Leadership:

    • Drive the development and execution of the product security strategy in close partnership with the OCISO organization, ensuring alignment with broader corporate security objectives and adherence to industry security standards and regulatory requirements (e.g., GDPR, PCI, HIPAA, SOC2).

    • Lead and mentor a growing product security team, fostering a culture of security excellence across the company.

    • Act as a strategic advisor, offering insights on industry best practices, emerging security risks and opportunities for improvement.

  • Security Architecture and Design:

    • Drive the concept of data privacy by design, ensuring that products incorporate privacy controls from the outset.

    • Conduct security assessments, threat modeling, and risk analysis for products and applications.

    • Develop and enforce secure coding standards, best practices, and security requirements.

    • Ensure adherence to security best practices, with a focus on database security, the integration of SaaS solutions, and third-party reviews.

  • Vulnerability Management:

    • Oversee and manage the identification, analysis, and remediation of security vulnerabilities across the product portfolio.

    • Ensure that security testing (e.g., static code analysis, dynamic analysis, penetration testing) is integrated into the development lifecycle.

  • Incident Response and Risk Management:

    • Lead product security incident response efforts, including investigation, containment, and remediation.

    • Develop and maintain risk management processes, ensuring that security risks are identified, evaluated, and mitigated appropriately.

  • Collaboration and Communication:

    • Partner with product managers, engineers, and other key stakeholders to ensure security is a priority at all stages of product development.

    • Communicate complex security topics effectively to non-technical stakeholders and executives.

    • Work with legal and compliance teams to ensure products meet regulatory requirements and industry standards.

  • Continuous Improvement:

    • Stay current with the latest security trends, tools, and technologies, applying new insights to improve product security.

    • Drive continuous improvement of security processes and practices, ensuring alignment with industry best practices.

About you:

  • Minimum of 10+ years of experience in product security, software development, or related technical fields.

  • At least 5 years of leadership experience managing and growing security teams.

  • Proven track record of developing and executing product security strategies for a variety of products in a complex technology environment.

  • Strong understanding of software development practices and experience working with modern development frameworks (e.g., Agile, DevOps).

  • Experience working with the Information Security Organization (OCISO) and collaborating with GRC, Architecture, SOC, and Data Privacy teams.

  • Deep understanding of security vulnerabilities, threats, and mitigation strategies (e.g., OWASP Top 10, secure coding practices).

  • Expertise in threat modeling, risk assessment, and incident response, with a proactive approach to identifying and mitigating security risks.

  • Experience with secure coding practices and conducting security audits and assessments to ensure compliance with security policies.

  • Extensive experience in securing cloud environments, including AWS, GCP, and other cloud platforms, with a strong understanding of cloud security best practices, IAM, data encryption, infrastructure security, and implementing cloud-native security controls to ensure compliance with relevant standards and frameworks (e.g., AWS Well-Architected Framework, GCP Security Best Practices).

  • Hands-on experience with security tools (e.g., SAST, DAST, IAST, SCA, penetration testing, vulnerability management).

  • Experience with infrastructure as code (IaC) tools such as Terraform, Linux systems, and containerization technologies (Docker, Kubernetes).

  • Strong knowledge of encryption, authentication, and authorization mechanisms.

  • Preferred: CISSP (Certified Information Systems Security Professional), CISM, CompTIA Security+, CEH (Certified Ethical Hacker), or equivalent security certifications.

  • Preferred: AWS Certified Security Specialty or equivalent cloud security certification.

We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Bonus Program
  • Pension and Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement