Product Security Engineering Principal

Centurion is looking for Cyber Product Security Engineering Senior Manager out of Bloomfield, CT.

Position Summary:
We are seeking a visionary Senior Manager to lead and expand our Product Security Tools Automation team. This role will be pivotal in shaping and executing our strategy for integrating and automating security tools within DevSecOps pipelines. The successful candidate will have extensive experience with SAST, DAST, and SCA tools and will be responsible for managing a team of security experts, prioritizing initiatives, and driving the evolution of our security practices. This role is integral to advancing health services and transforming the healthcare delivery system in the United States.

Job Description & Responsibilities:

• Define and execute the vision and strategy for integrating and automating security tools within CI/CD pipelines. Align team objectives with broader organizational goals and drive technological advancements.
• Lead, mentor, and grow a high-performing team of security professionals. Foster a collaborative environment, encourage professional development, and ensure the team is equipped to meet evolving security challenges.
• Oversee the prioritization and management of multiple security automation projects. Ensure resources are allocated effectively and projects are delivered on time, within scope, and aligned with strategic objectives.
• Direct the design, development, and implementation of automated security solutions. Ensure the successful integration and management of SAST, DAST, and SCA tools across various development pipelines.
• Provide strategic guidance on the architectural design and implementation of secure software and systems. Ensure that security measures are robust and integrated seamlessly.
• Lead advanced security assessments, threat modelling, and vulnerability analysis.
• Build strong relationships with cross-functional teams to promote a culture of security. Provide technical guidance and collaborate on implementing security best practices.
• Stay informed on emerging security trends, threats, and technologies. Drive continuous improvement in security strategies and practices, ensuring they remain cutting-edge and effective.
• Ensure adherence to industry standards and regulatory requirements. Manage risk and governance processes to maintain compliance and protect organizational assets.
• Optimize the security efficiency of application assets, focusing on operational performance and cost-effectiveness. Implement best practices to enhance the security posture across the organization.

Experience Required:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• 10 years of experience in cybersecurity, with a deep focus on application and product security.
• Demonstrated expertise in automating security solutions within development pipelines (CI/CD) at a strategic level.
• Extensive experience with security tools such as SAST, DAST, and SCA, including leading multiple pipeline integrations.
• Strong background in software development, with advanced skills in coding and building security solutions.
• Proven experience in leading complex pipeline integrations and understanding various pipeline touchpoints.
• Experience with cloud environments (AWS, Azure, Google Cloud) is highly desirable.
• Deep knowledge of secure software development practices and principles.
• Industry certifications such as CISSP, CISM, CEH, or similar are highly preferred.
• Exceptional communication, relationship-building, and strategic negotiation skills.
• Ability to excel in an Agile environment and manage multiple high-priority projects effectively.

Experience Desired:

• Experience with security tools and platforms such as static analysis (SAST), dynamic analysis (DAST), and runtime application self-protection (RASP).
• Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security automation and orchestration.
• Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Shell scripting).
• Ability to manage and prioritize multiple projects in a fast-paced environment.

Education and Training Required:

• Advanced degree (Master’s or higher) in Computer Science, Information Security, or a related field.
• Relevant industry certifications.
• Additional training in secure software development, application security, and risk management is highly desirable.

Primary Skills:

• Advanced expertise in secure software development practices, application security, and security tool integration.
• Proficiency in Angular and Java for security-related software development and integration.

Additional Skills:

• Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
• Hands-on experience with application security frameworks and tools, including security automation and orchestration.