Cast & Crew · 1 day ago
Manager, Product Security
United States
Full-time
Remote
Senior Level
$150K/yr - $190K/yr
5+ years expCast & Crew is a provider of entertainment technology and services that supports the global entertainment industry. They are seeking a Manager of Product Security to lead efforts in securing products, services, and infrastructure, ensuring that security is integrated into the software development lifecycle and managing a team of security engineers and analysts.
AccountingBookkeeping and PayrollSoftware
Responsibilities
Develop and execute a comprehensive product security strategy aligned with business objectives and risk tolerance
Define the security roadmap for all Cast & Crew products, services, and cloud infrastructure
Partner with VP of Engineering and product leaders to integrate security into the product development lifecycle
Establish and mature our DevSecOps program, driving "shift left" security practices across development teams
Participate in the Architecture Review Board to evaluate and approve new product designs from a security perspective
Define and track key security metrics, reporting progress to the CISO and executive leadership
Lead, mentor, and develop a team of security engineers and analysts (currently: Cloud Security Engineer and Application Security Analyst)
Foster a collaborative, learning-oriented team culture that balances security rigor with developer velocity
Conduct regular 1:1s, performance reviews, and career development planning for direct reports
Scale the team as the organization grows, including hiring and onboarding new security talent
Provide technical guidance and remove blockers to enable your team's success
Oversee cloud security posture across AWS and Azure environments, ensuring hardening and compliance
Manage application security testing programs including SAST, DAST, penetration testing, and bug bounty
Implement and optimize security tools in CI/CD pipelines to catch vulnerabilities early
Coordinate vulnerability management processes, prioritizing remediation based on risk
Lead incident response efforts for product security issues, conducting root cause analysis and implementing preventive measures
Ensure secrets management, container security, and infrastructure-as-code security best practices
Work closely with engineering teams to provide security guidance without slowing down delivery
Partner with the GRC team on compliance requirements (SOC 2, NIST 800-53) related to product security
Collaborate with the Corporate Security Operations team on monitoring, detection, and response
Engage with third-party security researchers and coordinate responsible disclosure programs
Communicate security risks and priorities effectively to both technical and non-technical stakeholders
Qualification
Required
5+ years of experience in application security, cloud security, or product security roles
2+ years of people management experience, including hiring, mentoring, and performance management
Deep technical expertise in at least two of the following areas: Application security testing (SAST, DAST, penetration testing), Cloud security (AWS or Azure), including IAM, network security, and CSPM, Secure software development lifecycle (SSDLC) and DevSecOps practices, Container and Kubernetes security, Infrastructure-as-code security (Terraform, CloudFormation)
Proven track record of building or scaling security programs in a fast-paced technology environment
Strong understanding of common vulnerabilities (OWASP Top 10) and secure coding practices
Experience integrating security into CI/CD pipelines and working with development teams
Excellent communication skills with the ability to explain complex security concepts to diverse audiences
Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience)
Preferred
Industry certifications such as CISSP, OSCP, CEH, CSSLP, or cloud security certifications (AWS Security Specialty, Azure Security Engineer)
Experience in regulated industries (finance, healthcare, entertainment) with compliance requirements
Familiarity with secrets management solutions (HashiCorp Vault, AWS Secrets Manager)
Experience with security orchestration and automation (SOAR, security-as-code)
Knowledge of threat modeling and secure architecture design patterns
Experience managing bug bounty programs or working with external security researchers
Background in software development (Python, Go, Java, or similar)
Experience with SIEM, logging, and security monitoring technologies
Familiarity with SOC 2, ISO 27001, or NIST 800-53 compliance frameworks
Benefits
Medical
Dental
Vision
PTO
Health and wellness programs
Employee discounts
And more!
Company
Cast & Crew
Cast & Crew began modestly as a small business that provided payroll services to the commercial and the music business.
501-1000 employees
H1B Sponsorship
Cast & Crew has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (6)
2024 (2)
2023 (3)
2022 (7)
2021 (5)
2020 (11)
Funding
Current Stage
Late StageTotal Funding
unknownKey Investors
Veronis Suhler Stevenson
2018-12-10Acquired
2013-02-05Private Equity
Leadership Team
S
Sally Knutson
CFO
Recent News
2025-11-26
The Hollywood Reporter
2025-10-03
Company data provided by crunchbase