Senior Security Product Manager
BlackBerry is passionate about Security. Are you?
The Security of BlackBerry products is not just part of our heritage; BlackBerry Secure is a passion that runs deep throughout the company. We continue to envision, enable, and secure new forms of communication that connect the world in extraordinary ways. We have the most sophisticated end-to-end solutions, and our ideas lead the way in the hottest markets like cybersecurity and autonomous vehicles. We operate around the principle that Security should be integrated throughout all stages of the development process and not left as an afterthought. Security is the heart of what we do.
BlackBerry's Product Security Research & Development team is seeking a Senior Security Product Manager to help ensure BlackBerry's products and services are developed to meet or exceed industry security standards. The incumbent will develop business requirements and security software maintenance objectives to align with the complex landscape of current and upcoming industry regulations and compliance programs/standards. Ultimately, working across organizations to deliver global government and legislative requirements within the software security space, this position will drive requirements and guidance to product engineering teams to ensure BlackBerry remains competitive and responsive to customer needs. As an expert in secure software development, this position will own and deliver BlackBerry's security development lifecycle policy and standards.
We are looking for a motivated self-starter with a passion for software security who is continually looking to learn about new technologies. We are looking for someone who enjoys partnering with and influencing teams to develop products with the highest levels of Security. In return for your talent and enthusiasm, we will provide you with a broad security playground, the opportunity to learn and take on self-directed projects, and the excitement of contributing to the success of industry-leading secure software solutions!
Do you want to work for a company where Security is the number one priority? Do you have a deep interest in all-things-security and a desire to keep growing your knowledge and influence? If so, join us!
- Identify and understand relevant industry requirements for security product development, and guide product engineering teams through the requirements specification
- Collaborate with internal teams to understand their needs; advocate for secure design in products, and understand the total addressable market they impact
- Contribute to an enterprise-wide software security compliance program through developing and leading policy hierarchy, standards development, controls definition, assessment, and process oversight
- Ensure that software security development standards align to industry frameworks and programs such as NIST SSDF, FedRAMP, SOC2, ISO-27000, ISO-21434, FIPS, NIAP, and EO14028
- Cultivate a catalog of security guidance and requirements that address both Security and business needs; partner with internal teams to ensure relevance and increase adoption of security guidance
- Deep understanding of current and upcoming regulations and standards that will impact software security at BlackBerry
- Work with stakeholders across the business to ensure that BlackBerry is well-positioned to deliver on the industry shift to provide Software Bill of Materials (SBOMs)
- Develop process and program functionality with internal teams to remove security barriers and develop security requirements to ensure BlackBerry's complicated software landscape remains compliant with all current and upcoming regulations across all product lines
- Cultivate relationships with Security, engineering, legal, internal audit, and business stakeholders to strengthen the security management program
- Engage with Sales & Marketing teams to ensure the security team is creating value for our customers
- Contribute to enterprise-wide metrics, KPIs/KRIs, and ROI to communicate status, demonstrate progress, demonstrate business value, and build awareness of program performance
- Communicate data to all levels of the organization, including executives and decision-makers
- Manage requirements on behalf of the CISO organization and act as subject matter expert to ensure product teams ingest these requirements
- Bachelor's degree or equivalent in Computer Science or Information Technology
- 7 years of experience developing software-related security requirements
- Proven ability to work with software product teams to meet compliance and regulatory requirements
- Firm grasp of the software development lifecycle, agile and CI/CD methodologies, and secure development practices
- Experience developing content and delivering data to all levels of business, including executives
- Ability to build relationships with product team leaders and architects to improve product security
- Experience growing customer relationships and driving to mutual business objectives
- Excellent written and verbal communication skills, including the ability to convey highly technical information to non-technical audiences
- Strong familiarity with industry frameworks/programs such as NIST SSDF, FedRAMP, SOC2, ISO-27000, ISO-21434, FIPS, NIAP, and EO14028
- Security knowledge of three or more of the following areas:
  - Web/internet applications and frameworks
  - Cloud architecture and deployment
  - Container technologies, including Docker and Kubernetes
  - Mobile applications running on both Android and iOS
  - Desktop/server platforms, including Windows, Linux, and Mac
  - Mobile operating systems and device management, including Android and iOS
  - Embedded operating systems, including QNX
  - IoT and embedded devices, including services and supporting backends
  - PKI and cryptography
- CSSLP, CISSP, CISM, or CISA certification
- Understanding of typical security vulnerabilities and their standard fixes/mitigations
- Familiarity with CVE, CWE, and CAPEC programs
- Knowledge of security testing tools such as SAST, DAST, SCA, and Fuzzing
- Experience working with secure coding methodology and best practices, and their implementation within engineering teams