Product Manager, Cybersecurity Product

ABOUT THE ROLE

We are looking for a technically fluent and customer-obsessed Product Manager to own the strategy, roadmap, and delivery of application security (AppSec) product. You will work at the intersection of developer experience and enterprise security — helping engineering teams ship secure code faster while giving security teams the visibility and control they need. This is a high-ownership role that sits at the core of our product organization, shaping how modern enterprises embed security into every stage of the software development lifecycle.

KEY RESPONSIBILITIES

• Define and own the AppSec product roadmap — spanning SAST, DAST, SCA, and secure SDLC tooling — aligned with company strategy, developer workflows, and enterprise security requirements.
• Deeply understand the developer and security team personas: conduct continuous user research, interviews, and usability studies to surface pain points and validate product direction.
• Translate complex application security concepts into clear, actionable product specs, user stories, and acceptance criteria for engineering teams.
• Drive integration of AppSec tooling into CI/CD pipelines, ensuring seamless developer adoption without disrupting existing workflows.
• Collaborate with security researchers and engineers to shape vulnerability detection capabilities, triage workflows, and remediation guidance within the product.
• Partner with sales and pre-sales to understand enterprise deal blockers, compliance requirements (e.g., SOC 2, ISO 27001, PCI DSS), and competitive positioning.
• Define and track product metrics — vulnerability detection rates, mean time to remediation (MTTR), developer adoption, and false positive rates — to guide prioritization.
• Own go-to-market execution for new AppSec feature releases, including documentation, enablement materials, and customer communication.
• Stay current on the evolving AppSec landscape — new attack classes, CVE trends, regulatory shifts, and competitive tooling — to inform roadmap decisions.

REQUIRED SKILLS & QUALIFICATIONS

• Minimum 4 years of product management experience, with at least 2 years in an application security, DevSecOps, or developer tooling product environment.
• Solid working knowledge of AppSec fundamentals: SAST, DAST, IAST, SCA, secure code review, and common vulnerability classes (OWASP Top 10, CWE).
• Proven track record of delivering developer-facing security tools at enterprise scale, from concept through to production adoption.
• Experience collaborating with engineering teams on CI/CD pipeline integrations and a strong grasp of how modern software development workflows operate.
• Proficiency in product frameworks: OKRs, Jobs-to-be-Done, opportunity solution trees, and agile/scrum methodologies.
• Ability to balance developer experience (low friction, fast feedback) with security rigour (accuracy, coverage, compliance) in product decisions.
• Excellent communication skills — able to translate AppSec concepts clearly for both developer and CISO-level audiences.
• Familiarity with product analytics tools (e.g., Mixpanel, Amplitude, PostHog) and comfort using data to drive prioritization decisions.

PREFERRED / BONUS SKILLS

• AppSec Domain

SAST  •  DAST  •  IAST  •  SCA  •  OWASP Top 10  •  Secure SDLC  •  Penetration Testing

• Technical Familiarity

REST APIs  •  CI/CD Pipelines  •  Docker / Kubernetes  •  AWS / Azure  •  AI/ML Integrations

• Product & GTM

Multi-tenancy  •  RBAC Systems  •  Developer Tooling  •  Enterprise Sales Cycles  •  Pricing Strategy

• Tooling

Jira  •  Confluence  •  Figma  •  Notion  •  Productboard