Senior Security Product Manager (Remote)

You may work from a remote location for this role. Or, you may join us at SAS Worldwide HQ in Cary, NC for this role. 

Are you a problem solver, explorer, and knowledge seeker – always asking, “What if?” 

If so, then you may be the new team member we’re looking for. Because at SAS, your curiosity matters – whether you’re developing algorithms, creating customer experiences or answering critical questions. Curiosity is our code, and the opportunities here are endless. 

What we do  

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live. 

What you’ll do  

As a Product Manager, you will be responsible for driving secure by design principles into SAS’ enterprise software platform and product strategy. In this high-profile role, you will be responsible for setting product direction and creating a roadmap in alignment with the portfolio vision, with a focus on cloud (public and private) security and secure development practices. With your knowledge of secure architecture design, secure software development lifecycle, and software as a service, you will help design and develop the advanced security focus of our data and analytics-powered products.

Working closely with R&D and the Product Security Office, you will craft new product security features, standards and practices that help our customers navigate the analytics lifecycle more securely in areas like data engineering, visualization, application development, and ops activities. You will play a strategic role with partners in sales, marketing, customer support and enablement organizations as you communicate product security information and strategy to internal constituents and support the external presence of SAS and our offerings.

You will:

• Define and prioritize product security requirements based on industry standards and regulations, business drivers, customer inputs, market direction, and field contribution.
• Translate business requirements into technical, functional, and non-functional security requirements, including definition of use and abuse cases.
• Drive secure product development and collaborate with software development teams based on requirements management, risk management, risk mitigation, and product lifecycles.
• Collaborate with the Product Security Office, R&D and the Product Security Response Team on security features, standards, and process improvement guidance.
• Support product launches as primary content provider to facilitate knowledge transfer of product functionality to marketing and sales.
• Present product vision, roadmap, and software demonstrations to internal constituents, customers, and others.
• Identify new security considerations and opportunities and evaluate emerging standards, technology and business issues that may present opportunities or threats to the company.
• Explore and establish business partnerships with channels, third party software vendors, internal organizations, and external customers.
• Evaluate opportunities for engagement and participation in open-source software projects in areas related to the SAS software portfolio.

What we’re looking for:

• You’re curious, passionate, authentic, and accountable. These are our values and influence everything we do.
• 7+ years of experience either as a product manager or security engineer who has used agile methodologies to deliver secure software products or technology platforms to market.
• You must be knowledgeable with key security concepts such as cloud security, Kubernetes security, and container security.
• You have a bachelor’s degree in Computer Science or a related quantitative field.
• Understand concepts of Software-as-a-Service (SaaS) and/or Platform-as-a-Service (PaaS) business models.

Preferred qualifications:

• Familiarity with identity and access management, API security, web application security, secrets management, supply chain security, and zero-trust architecture.
• Demonstrated understanding of crypto basics (encryption, signing, certificates, common algorithms).
• Experience identifying and remediating common software security vulnerabilities (OWASP Top 10, OWASP API Top 10) with defensive technical security controls and mitigation techniques.
• Knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP).
• An understanding of secure software development lifecycle (SDLC) frameworks such as OWASP SAMM, BSIMM, and Microsoft SDL.
• An understanding of cybersecurity standard and compliance frameworks including NIST 800-53, US Executive Order 14028 (Cyber EO), FIPS 140-2, and FedRAMP.
• An understanding of secure architecture design principles and threat modeling methodologies, such as STRIDE or DREAD.
• An understanding of security assessment techniques and technologies (penetration testing, incident response, forensics, and tooling such as SCA, SAST, DAST, and IAST.
• Security certifications such as: CISSP, CSSLP, CCSP, CKS.
  
  

Why SAS:

• We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
• Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it - and we can’t wait to see what you’ll bring.

#LI-Remote #dice #LI-WR1

SAS looks not only for the right skills, but also a fit to our core values. We seek colleagues who will contribute to the unique values that makes SAS such a great place to work. We look for the total candidate: technical skills, values fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an Equal Opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sex,  sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. Also view the Pay Transparency notice.

Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

All valid SAS job openings are located on the Careers page at www.sas.com. SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at Recruitingsupport@sas.com before taking any further action.