Senior Product Security Engineer overseeing product security for a growing SaaS company. Challenging role leading security initiatives and collaborating across development teams to fortify applications and infrastructure.
Responsibilities
Lead secure architecture reviews and threat modeling for new features, major changes, and sensitive workflows/integrations, translating outcomes into concrete mitigations teams can ship.
Build and evolve secure “paved road” components—standards, defaults, and reusable frameworks—so the secure path is the easiest path.
Integrate and tune automated controls in CI/CD to prevent vulnerabilities from reaching production.
Improve developer experience by making security tooling and guardrails easy to use, and serve as a trusted security partner by providing practical guidance so teams can ship secure features faster and reduce repeat issues.
Perform targeted code reviews and assessments on high-risk areas to proactively identify security issues.
Continuously improve the processes for intake, prioritization, resolution, and recurrence prevention of vulnerabilities. Coordinate external penetration tests and vulnerability disclosure submissions.
Partner with DevOps/platform teams to harden infrastructure and embed practical guardrails that reduce risk across cloud environments, IAM, Kubernetes, and deployment pipelines.
Improve dependency and third-party risk management through scalable workflows that reduce exposure and speed response.
Define lightweight, outcome-based metrics to focus effort on the highest-impact risk reductions.
Implement AI-assisted security workflows to improve early detection, reduce noise, and accelerate remediation, with human verification.
Support triage of infrequent security events impacting the product, and drive post-incident learnings into preventative controls.
Requirements
5+ years of experience in product security, application security, security engineering, or equivalent experience as a software engineer or architect with substantial security ownership.
Hands-on software development experience and the ability to read and write production code in one or more languages (e.g., Python, C#, Ruby, JavaScript/TypeScript).
Security certifications (e.g., OSCP, OSWE, cloud security certifications) are helpful but not required—demonstrated impact matters most.