Sr Manager, Product Security

Bose, Framingham, MA 01702

Posted 3 weeks ago

You know the moment. It's the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying "hello." It's in these moments that sound matters most.

At Bose, we believe sound is the most powerful force on earth. We've dedicated ourselves to improving it for nearly 60 years. And we're passionate down to our bones about making whatever you're listening to a little more magical.

The Information Technology team at Bose exists to deliver valuable and reliable business and technology solutions with an innovative, engaged, and collaborative team focused on contributing to our corporate vision.

Job Description

About the Role

The Product Security manager will drive multi-disciplinary activities focused on supporting a secure product development lifecycle as part of Bose's broader vision to maintain a world-class secure product portfolio. Role responsibilities will be organized across three (3) primary focus areas: strategic design and thought leadership around the fundamentals of the Product Security program, optimization of product security engineering practices, and management of product security operations. This includes designing and managing the implementation and operation of the people, processes, and technologies focused on embedding cybersecurity best practices into Bose products and services. The manager will proactively oversee functions for modeling, identifying, and remediating security issues in Bose software, hardware, and services, and will ensure the security and privacy of customer data for software services, device hardware, on-device software/firmware, and applications while serving as the strategic liaison between Product teams and Bose Legal.

Location: Atlanta, GA | Bloomfield Hills, MI | Framingham, MA | Remote

Please Note: No visa sponsorship/support is available for the role.

Primary Responsibilities:

  • Execute on product security strategies, roadmaps, and maturity with current and future business models

  • Embed product security practices into engineering lifecycles from early planning, through launch, and beyond

  • Ensure product generations remain secure and reliable during full lifetimes, increasing lifetime value and decreasing friction of adoption

  • Provide product security expertise and technical direction for product security initiatives defined by the business

  • Oversee efforts to conduct product security risk assessments and risk response processes

  • Provide guidance and support to product development teams throughout the product development lifecycle on a variety of security requirements

  • Build strong partnerships with counterparts in Enterprise Security, Architecture and Engineering, Governance & Risk, business operations units, Legal, and with compliance stakeholders

  • Manage development of portfolio security strategy and capability planning

  • Manage product security architectural blueprint development to guide engineering

  • Management of product security talent, culture development, change management, and incentive structures

  • Platform trust, safety, compliance, and cross-product governance and reporting

  • Secure product development to include risk assessments, threat modeling, architecture reviews, and security requirements development

  • Oversee development security operations (DevSecOps), to include environment and code scanning

  • Manage security validation and verification which includes internal and 3rd party product penetration testing

  • Development of supply chain security analysis and strategy

  • Security update planning with the Chief Information Security Officer (CISO)

  • Oversee product line specific trust, safety and security, and privacy compliance

  • Manage the organizational interface to the security researcher community, to include bug bounty management, exploit analysis and reverse engineering

  • Oversee functional development and enhancement of the product vulnerability management program

  • Oversee the design, build, and management of the product security components of the Security Operations Center and govern product security monitoring capabilities

  • Oversee the design, build, and management of the Product Security Incident Response (PSIRT) function

About You

  • Leadership experience managing a team of Security Engineers focused within Product Security

  • Technical expert, with experience consulting other teams on product security best practices

  • Demonstrated expertise in recruiting and managing a team of experienced engineers on complex projects

  • Experience analyzing systems and identifying security problems, threat modeling, code auditing, data security and design, and security and privacy unified reviews (SPUR)

  • Excellent leadership, communication (written and oral) and interpersonal skills

  • Strong organizational skills and analytical and problem-solving skills

  • Strong organizational skills to juggle multiple tasks within the constraints of timelines and budgets with business acumen

  • Ability to work and thrive in a fast-paced environment, learn rapidly, and master diverse technologies and techniques

  • Experience in technology strategy or consulting

  • Proven success in contributing to a team-oriented environment

  • Proven ability to work creatively and analytically in a problem-solving environment

  • Minimum requirement for this U.S.-based position is the ability to work legally in the United States

  • No visa sponsorship/support is available for this position, including for any type of U.S. permanent residency (green card) process

Other Preferred Qualifications:

  • Bachelor's degree in Computer Science, Information Technology/Management, or a related field is a plus, but not required; practical experience is taken into consideration

  • Experience with both automated (i.e., SAST, DAST) and manual secure code reviews (penetration testing)

  • Understanding of 'Secure by Design' principles and secure development frameworks (e.g., BSIMM, SANS, OWASP)

  • Deep knowledge of Product security architecture and design, product threat modeling and risk management

  • Industry product knowledge in any of the following areas: Automotive, Consumer Products, Health, Electronics

  • Product security assessments for hardware devices, endpoints and mobile, applications and SaaS

  • Product security SDLC and DevSecOps integration

  • Product IaaS, PaaS, and container security

  • Knowledge of consumer IoT (Internet of Things) and OT (Operational Technology) security

  • Strong understanding of enterprise security control frameworks (e.g., NIST, ISO)

  • Strong understanding of cybersecurity risk frameworks (e.g., FAIR)

  • 2 years of experience supervising an engineering and/or security engineering team for a distributed organization

  • 5+ years of experience in information security and 3+ years in a leadership role

  • CISSP - Certified Information Systems Security Professional

"Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success, and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities, and we provide reasonable accommodations to ensure ideal conditions are met during the application process. If you believe you need a reasonable accommodation, please send a note to wellbeing@bose.com"

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company's pay transparency is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to Wellbeing@bose.com and let us know the nature of your request and your contact information.
