Director, Advanced Product Security
- Application Security
- Threat Modeling
- Secure Code Review
- OWASP Top 10
- OWASP ASVS
- OWASP SAMM
- Exploit Development
- Java
- Spring Framework
- .NET
- Python
- JavaScript
- SAST
- DAST
- Static Analysis
- Dynamic Analysis
- Penetration Testing
- Secure SDLC
- Reverse Engineering
- Authentication & Authorization
- CI/CD Security
- Cloud Security
- API Security
As Director of Advanced Product Security, you will build and lead a global team of security engineers with strong development backgrounds, responsible for conducting deep, hybrid security assessments that integrate threat modeling, attack modeling, and white-box reviews to uncover systemic weaknesses in complex software and systems.
You will champion a hybrid assessment methodology integrating OWASP ASVS and SAMM practices for design- and code-level assurance. This includes guiding white-box security assessments such as secure code review, static and dynamic analysis, and logic flow tracing to uncover vulnerabilities including authentication/authorization bypasses, complex business logic flaws, injection, deserialization, and insecure object references.
A key responsibility is conducting advanced vulnerability research, developing exploit code, and reverse engineering solutions to identify attack entry points and implement rapid remediation. You will write custom detection rules leveraging corporate and open-source SAST solutions, and develop proof-of-concept exploits or attack chains to validate vulnerabilities and demonstrate business impact.
You will work closely with the Global Penetration Testing team to align assessment roadmaps, share intelligence on emerging attack vectors, and co-develop evaluation methodologies. Identifying systemic security issues in software architecture, frameworks, and reusable components and driving pattern-based fixes and secure-by-design guidance is essential.
The role requires mentoring a high-performing global team of security engineers, fostering technical excellence and continuous learning, and partnering with Product, Architecture, and Engineering leadership to align assessment outcomes with enterprise risk management and product release decisions.
