Director, Product Security

We are a global team of innovators and pioneers dedicated to shaping the future of observability. At New Relic we build an intelligent platform that empowers companies to thrive in an AI-first world by giving them unparalleled insight into their complex systems. As we continue to expand our global footprint were looking for passionate people to join our mission. If youre ready to help the worlds best companies optimize their digital applications we invite you to explore a career with us!

Your opportunity

Do you want to drive the future of innovative product security capabilities that customers can trust to run their business Interested in leading a stellar product security team for a rapidly scaling SaaS business Then were very interested in speaking with you!

Our new security leader will drive a comprehensive product security roadmap for customer trust and assurance. As a key member of the Chief Information Security Officers staff you will build a solid foundation for the product security ecosystem while executing on critical priorities. This is a critical leadership role for an individual who deeply understands the technical challenges of rapid product delivery and can embed security as a foundational element of our engineering culture.

You will be the vital link between Engineering Product Management and Security. This role will visibly represent the New Relic Security Team throughout the company working with product managers engineering leadership industry thought-leaders and customers.

What youll do

Strategy & Execution

• Work closely with the CISO to provide leadership forproduct security strategy execution product security architecture and the secure engineering ecosystem.
• Help build and deliver on the CISOs vision for the growth of information security programs such as SDLC audit logging product security standards security testing and bug bounties.
• Own and Execute the Product Security Strategy defining a clear actionable roadmap that aligns with business goals and reduces organizational risk.
• Act as the principal security advisor to Engineering and Product leadership translating high-level product strategy into technical security requirements and engineering practices.

Engineering & DevSecOps Leadership

• Drive DevSecOps Adoption by architecting and leading the implementation of our DevSecOps program integrating security testing validation and controls seamlessly into the CI/CD pipeline17.
• Leverage deep experience with a broad range of development build and deploy systems (e.g. Jenkins GitLab CI Kubernetes) to identify and eliminate security friction points.
• Design implement and run an effective Product Vulnerability Management lifecycle from automated scanning and triage to developer remediation and verification.
• Work directly with development teams to improve and scale secure coding practices focusing on developer experience and automation.

Governance & Team Growth

• Feed and grow a global security organization that motivates team members to face challenges and deliver significant work.
• Coach and mentor managers and team members by understanding their career goals and providing opportunities for professional growth.
• Drive security collaboration with partners in Legal Data Compliance and Privacy to develop and execute policy and controls related to product development software supply chain open-source and mergers & acquisitions.
• Build partnerships with product engineering go-to-market and sales leaders to deliver on security initiatives.
• Provide leadership and confidence during Product security incidents.
• Develop and deliver internal security scorecards for use with executive and board reporting.
  
  

This role requires

• 10 years of technical hands-on security experience or security program management.
• Deep Engineering Background: Substantial hands-on experience in software engineering and development roles prior to or integrated with security leadership (i.e. you can speak the language of engineers).
• Demonstrated ability leading multiple managers and teams.
• SaaS Product Delivery Experience: Proven track record of securing rapidly scaling SaaS products delivered on cloud platforms.
• Strong product security program planning project management and execution skills.
• DevSecOps Mastery: Extensive practical experience designing and implementing advanced DevSecOps toolchains and methodologies.
• A background involving open-source security vulnerability disclosure SaaS cloud security technologies product incident response and a deep understanding of risk and threat assessments.
• Experience identifying and resolving potential security issues involving compliance mergers and acquisitions and regulatory issues as related to Software as a Service (SaaS).
• Demonstrated communication skills with detailed technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.

Bonus points if you have

• Experience defining documenting and implementing controls required for compliance frameworks such as FedRAMP HIPAA and/or ISO 27001.
• Demonstrated success with achieving cross-organizational security goals.
• A history of publishing public speaking and involvement with security industry working groups.
• Experience with assessing/building multi-year roadmaps/advancing cybersecurity program maturity.

Please note that visa sponsorship is not available for this position.

#LI-JH1

Fostering a diverse welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best most authentic selves to work every day. We celebrate our talented Relics different backgrounds and abilities and recognize the different paths they took to reach us including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. Were looking for people who feel connected to our mission and values not just candidates who check off all the boxes.

If you require a reasonable accommodation to complete any part of the application or recruiting process please reach out to .

We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success including fully office-based fully remote or hybrid.

Our hiring process

In compliance with applicable law all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including but not limited to theSan Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic develops and distributes encryption software and technology that complies with U.S. export controls and licensing requirements. Certain New Relic roles require candidates to pass an export compliance assessment as a condition of employment in any global location. If relevant we will provide more information later in the application process.

Candidates are evaluated based on qualifications regardless of race religion ethnicity national origin sex sexual orientation gender expression or identity age disability neurodiversity veteran or marital status political viewpoint or other legally protected characteristics.

Review our Applicant Privacy Notice at Experience:

Director