Director, Product Security

We are a global team of innovators and pioneers dedicated to shaping the future of observability. At New Relic, we build an intelligent platform that empowers companies to thrive in an AI-first world by giving them unparalleled insight into their complex systems. As we continue to expand our global footprint, we're looking for passionate people to join our mission. If you're ready to help the world's best companies optimize their digital applications, we invite you to explore a career with us!

Your opportunity

Do you want to drive the future of innovative product security capabilities that customers can trust to run their business? Interested in leading a stellar product security team for a rapidly scaling SaaS business? Then we're very interested in speaking with you!

Our new security leader will drive a comprehensive product security roadmap for customer trust and assurance. As a key member of the Chief Information Security Officer's staff, you will build a solid foundation for the product security ecosystem while executing on critical priorities. This is a critical leadership role for an individual who deeply understands the technical challenges of rapid product delivery and can embed security as a foundational element of our engineering culture.

You will be the vital link between Engineering, Product Management, and Security. This role will visibly represent the New Relic Security Team throughout the company, working with product managers, engineering leadership, industry thought-leaders, and customers.

What you'll do

Strategy & Execution

• Work closely with the CISO to provide leadership for product security strategy execution, product security architecture, and the secure engineering ecosystem.
• Help build and deliver on the CISO's vision for the growth of information security programs such as SDLC, audit logging, product security standards, security testing, and bug bounties.
• Own and Execute the Product Security Strategy, defining a clear, actionable roadmap that aligns with business goals and reduces organizational risk.
• Act as the principal security advisor to Engineering and Product leadership, translating high-level product strategy into technical security requirements and engineering practices.

Engineering & DevSecOps Leadership

• Drive DevSecOps Adoption by architecting and leading the implementation of our DevSecOps program, integrating security testing, validation, and controls seamlessly into the CI/CD pipeline17.
• Leverage deep experience with a broad range of development, build, and deploy systems (e.g., Jenkins, GitLab CI, Kubernetes) to identify and eliminate security friction points.
• Design, implement, and run an effective Product Vulnerability Management lifecycle, from automated scanning and triage to developer remediation and verification.
• Work directly with development teams to improve and scale secure coding practices, focusing on developer experience and automation.

Governance & Team Growth

• Feed and grow a global security organization that motivates team members to face challenges and deliver significant work.
• Coach and mentor managers and team members by understanding their career goals and providing opportunities for professional growth.
• Drive security collaboration with partners in Legal, Data Compliance, and Privacy to develop and execute policy and controls related to product development, software supply chain, open-source, and mergers & acquisitions.
• Build partnerships with product, engineering, go-to-market, and sales leaders to deliver on security initiatives.
• Provide leadership and confidence during Product security incidents.
• Develop and deliver internal security scorecards for use with executive and board reporting.
  
  

This role requires

• 10+ years of technical hands-on security experience or security program management.
• Deep Engineering Background: Substantial, hands-on experience in software engineering and development roles prior to, or integrated with, security leadership (i.e., you can speak the language of engineers).
• Demonstrated ability leading multiple managers and teams.
• SaaS Product Delivery Experience: Proven track record of securing rapidly scaling SaaS products delivered on cloud platforms.
• Strong product security program planning, project management, and execution skills.
• DevSecOps Mastery: Extensive, practical experience designing and implementing advanced DevSecOps toolchains and methodologies.
• A background involving open-source security, vulnerability disclosure, SaaS cloud security technologies, product incident response, and a deep understanding of risk and threat assessments.
• Experience identifying and resolving potential security issues involving compliance, mergers and acquisitions, and regulatory issues as related to Software as a Service (SaaS).
• Demonstrated communication skills with detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.

Bonus points if you have

• Experience defining, documenting, and implementing controls required for compliance frameworks such as FedRAMP, HIPAA, and/or ISO 27001.
• Demonstrated success with achieving cross-organizational security goals.
• A history of publishing, public speaking, and involvement with security industry working groups.
• Experience with assessing/building multi-year roadmaps/advancing cybersecurity program maturity.

Please note that visa sponsorship is not available for this position.

#LI-JH1

Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics’ different backgrounds and abilities, and recognize the different paths they took to reach us – including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We’re looking for people who feel connected to our mission and values, not just candidates who check off all the boxes. 

If you require a reasonable accommodation to complete any part of the application or recruiting process, please reach out to resume@newrelic.com.

We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success, including fully office-based, fully remote, or hybrid.

Our hiring process

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic develops and distributes encryption software and technology that complies with U.S. export controls and licensing requirements. Certain New Relic roles require candidates to pass an export compliance assessment as a condition of employment in any global location. If relevant, we will provide more information later in the application process.

Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics. 

Review our Applicant Privacy Notice at https://newrelic.com/termsandconditions/applicant-privacy-policy