Position Summary:
We are looking for a highly skilled Product Security Senior Advisor to join our team, focusing on security strategy, architecture, and implementation across our enterprise systems and product development lifecycle. This role will work directly with cross-functional teams to integrate security tools within our development pipelines, ensuring robust security measures are in place across our products and applications. This role is hands-on and strategic, requiring deep technical expertise, strong cross-functional collaboration, and the ability to manage and influence security initiatives across product, engineering and operations teams. This individual will contribute to major technology initiatives aimed at revolutionizing health services and the healthcare delivery system, working from HIH.
Experience Required:
- 13 - 16 years of experience in cybersecurity, with a focus on application and product security
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Proven expertise in automating security solutions within development pipelines (CI/CD)
- Design and implement automation workflows to secure systems, applications and infrastructure.
- Integrate security testing and compliance checks into build workflows (GitHub Actions, GitLab, CI/CD, Jenkins, ArgoCD, Tekton)
- Strong understanding of modern software delivery, DevSecOps, Cloud, and Infrastructure-as-code.
- Proven ability to collaborate cross-functionally with Product, Engineering, and IT teams.
- Partner with Product Managers and Engineering Leads to embed security early in the product and application lifecycle.
- Translate technical risks into business impact and recommend actionable mitigations.
- Support audits and compliance efforts related to SOC 2, HIPAA, or GDPR.
- Develop and maintain security policies, procedures, and documentation and adhere to the Enterprise standards and compliance.
- Strong understanding of various pipeline touchpoints and integration methods.
- Cloud experience (AWS, Azure, Google Cloud) is highly desirable.
- Familiarity with modern security technologies, practices, and standards.
- Strong knowledge of secure software development practices and principles.
- Experience in managing the scrum process (e.g., Jira projects, Kanban boards, etc.)
- Excellent leadership and team management skills.
- Strong communication, relationship-building, and negotiation skills.
- Ability to work effectively in an Agile environment.
- Strong presentation, documentation and analytical reporting skills, and expertise in using Mural, Visio, Tableau, Advanced Excel features, PowerPoint, MS Project, PowerBI and other such tools.
Job Description & Responsibilities:
- Collaborate daily with development teams to identify and address security needs.
- Design, develop, and implement automated security solutions within CI/CD pipelines.
- Assist in the architectural design and implementation of secure software and systems.
- Understand security assessments, threat modeling, and vulnerability analysis to ensure robust security measures.
- Develop and maintain security testing services and tools to support secure development practices.
- Provide technical guidance and support to development teams on security best practices.
- Stay updated on the latest security trends, threats, and technologies to continuously improve our security posture.
- Foster strong communication and collaborative relationships with development teams to promote a culture of security.
- Ensure compliance with industry standards and regulatory requirements.
- Minimum 2 years of experience managing teams, with scrum and project management skills.
- Maximize the security efficiency (operational, performance, and cost) of application assets.
- Cultivate strong cross-functional relationships to promote a culture of security throughout the organization.
- Optimize the security efficiency of application assets, focusing on operational, performance, and cost considerations
Experience Desired:
- Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS).
- Hands-on experience with security automation and orchestration.
- Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Ansible, Shell scripting).
- Experience in managing teams, projects and scrum meetings.
- Knowledge of SDLC, ITIL, operational processes and tools (e.g., ServiceNow), Microsoft Office 365.
- Good knowledge of security architecture, vulnerability management, cloud security, and ASPM tools.
- Stay current on emerging threats, vulnerabilities, and security technologies
- Ability to manage and prioritize multiple projects in a fast-paced environment.
Education and Training Required:
- Advanced degree (Master's or higher) in Computer Science, Information Security, or a related field.
- Relevant certifications (e.g., CISSP, OSCP, CEH, AWS/Azure Cloud Security Practitioner)
- Additional training in secure software development, application security, and risk management is highly desirable.
Additional Skills:
- Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services.
- Managing projects in Jira, running scrums and communicating the status to the leaders.
- Hands-on experience with application security frameworks and tools, including security automation and orchestration.
Project Management:
- Lead and manage cybersecurity projects from initiation to completion, ensuring they are delivered on time.
- Develop detailed project plans, including timelines, milestones, and resource allocation.
- Coordinate with cross-functional teams, stakeholders, and vendors to ensure project objectives are met.
- Monitor and report on project progress, addressing any issues or risks that may arise