The Director of Product Security will continue to drive and advance set the overall product security strategy for Carbon Black, the Security Business Unit of VMware.  This position is separate but complementary to VMware’s corporate security function and will focus on driving the continuing evolution of our internal product security program.  This individual will work with product management and engineering leadership to ensure that our internal product security program continues to be effective in response to the ever-changing threatscape that VMware Carbon Black faces as we grow.  

The qualified candidate will have deep technical knowledge of the security issues that surround both cloud hosted (SaaS) service offerings, hybrid and on-prem software products, and will be able to communicate effectively with product development teams, senior leadership, customers, and corporate security functions. 

What you and the team you lead will do 

• Validate and improve our Secure Software Development Lifecycle and global regulatory compliance  

• Evolve and execute product security strategy 

• Recruit and manage the VMware Carbon Black Product Security team and administer its processes 

• Track to resolution open security and vulnerability items 

• Define and manage secure design, coding, testing, deployment, maintenance, and governance practices, including code analysis and audit 

• Collaborate with VMware corporate Product Security, aligning and integrating processes and tooling 

• Manage internal and third-party penetration tests 

• Coordinate and manage lifecycle of reports through the Carbon Black bug bounty program 

• Manage internal and external vulnerability analysis programs 

• Work as a complement to corporate security operations to define and maintain a cohesive monitoring and response program for all Carbon Black Cloud Hosted Services 

• Work alongside Product Management to maintain, execute, and prioritize a product security feature backlog 

• Collaborate with Architecture and Engineering teams to ensure the products are designed, implemented and operated to provide continuity in the face of an attack 

• Support the Go To Market organization in responding to security questions as part of the RFP process 

• Work alongside Carbon Black Threat Analysis Unit to investigate and mitigate potential bypass and exploit techniques 

• Efficiently and effectively evaluate and communicate product security posture to the Carbon Black Product team, with recommendations and prioritization as required 

• Manage relationships with the greater external research community in terms of responding to disclosures.    

What You'll Bring 

 The successful candidate will be deeply technical, with a focus on both engineering practices and policy application and also have: 

• Bachelor's degree in Computer Science, or related Field; Master’s Degree a plus 

• 10-15 years experience in both software engineering and security related field 

• Certifications: CISSP , CISM, or related is a plus 

Category : Engineering and Technology
Subcategory: Product Dev Management
Experience: Business Leadership
Full Time/ Part Time: Full Time
Posted Date: 2020-07-29

VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.

Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.