Sr. Director, Product Security

Who are you? You are a proven senior leader and hands-on software engineer. You enjoy the balance of leading with mentoring a team of rockstars and rolling up your sleeves to join in troubleshooting and incident response efforts. You can still write and review code. You are a security expert and lifelong learner, well-versed in the latest threats. You are a leader that has a track record of achieving alignment with product and engineering teams, mitigating risks while enabling the business. You subscribe to the shift-left security philosophy, enabling engineers and developers to be secure and mitigate risks early in the software development lifecycle. You are an expert communicator and kind, team player.

You will be working remotely, with required monthly travel to our NYC headquarters.

What You'll Do:

• Lead the advancement of Ro’s product and platform security functions.
• Collaborate with key stakeholders across product, engineering, operations, and counsel to integrate trust and security principles throughout the ecosystem.
• Build upon and maintain our risk management framework to ensure the continual assessment of product and platform security risks. Establish and maintain repeatable patterns and processes that scale.
• Achieve a shift-left security culture by empowering developers via self-help tools, automated tests throughout the SDLC, threat modeling, and furthering our security-as-code initiatives.
• Conduct risk assessments of digital healthcare products and underlying platform components, identifying potential vulnerabilities and recommending risk mitigation strategies.
• Lead the threat modeling, application security, vulnerability disclosure, bug bounty, and client-side security programs.
• Build, maintain, and execute a robust security education program. Provide training, brownbags, secure code examples, and self-help resources that enable developers to deliver magic.

What You'll Bring:

• 12+ years of security engineering and hands-on development experience operating a modern tech stack/security tools
• Demonstrated track record leading product security, application security, and secure software development
• Master's degree in computer science/engineering or commensurate experience
• Strong interpersonal skills with the ability to build and maintain alignment with cross-functional partners
• Proven ability to execute security roadmaps through partnerships with business leaders and project managers
• Hands-on experience working with contemporary CI/CD development products (e.g. GitLab, GitHub, Jenkins, Sonarqube, Snyk, etc.)
• Experience in or familiarity with Java, Python, iOS, Android, JavaScript (NodeJS)