Engineering Manager, Product Security
We're looking for an Engineering Manager to join the Product Security Core (ProductSec Core) Organization. ProductSec Core team’s mission is to enable Coinbase to be the most trusted & secure platform to use crypto. You will collaborate with product and engineering teams to drive secure and customer-centric product design. You will lead your team of security architects and security engineers to embed security upstream and drive cross-functional efforts to operationalize business objectives while minimizing security risks. You will own and mature the Security Development Lifecycle (SDL) for the company.
ProductSec Core team provides security assurance services to all Coinbase product lines. These services include conducting design reviews, developing Threat Models, code reviews, penetration testing and providing trusted advisory to all engineering teams to ensure security is baked starting from the design stage to the deployment stage. This team will provide trusted security partner support to all high risk product verticals such as investments, retail, trading and platform services. You will provide security and architectural direction for the development, design, integration, testing, and maintenance of our product suite.
Key Job Duties:
- Program Development. We’re looking to you to expand and formalize our Secure Architecture and Engineering Program. As Coinbase has grown, our Product Security function has developed organically. This program drives our Security bar across all services. The purpose is to prevent the likelihood and impact of security breaches through high quality design reviews and successful remediation of security vulnerabilities. We expect you to bring an automation-first mindset to champion and drive automation of manual tasks, and process improvements across product security operations and advocate for internal security principles, and identify creative ways to embed concepts of security by design into operational activities.
- Team Management. Any team is only as strong as the individuals it’s composed of. Your primary concern will be the growth, development and health of the team. You’ll nurture the team, mentor them and unblock them. You’ll help your teammates find work they enjoy, and find ways to get through the work they don’t. We’ll ask you to hire more individuals to your team, so you’ll need to identify what skills and personalities you need to get the job done. Set clear targets and objectives, and establish KPIs for the team.
- Operations. Finally, we’re looking for someone who will be accountable to the operations of the team. You’ll work with your leadership to develop goals and metrics, and then we expect you to hold yourself accountable to them. Your quality bar defines the quality of the team, and we’re expecting yours to be high. From timelines to reviews, you’ll work to make sure the Security Partners team runs smoothly. We’ll also ask you to coordinate and bring in other security teams such as privacy, trust and safety, offensive security engagements as we need them. You’ll spend a significant amount of time communicating to your team, to your peers, and across the company.
- At least 3 years experience in managing product or application security teams that have had to adapt to the changing needs of a business experiencing rapid growth
- At least 6 years experience and solid foundation in security
- You are passionate about growing people and helping them achieve their goals
- You’ll be providing support and mentorship for application security engineers, so you’ll need to have enough experience in the field to guide them as they grow.
- From time to time, you may take on a review project for yourself to keep your skills relevant
- We look for individuals who are clear, direct, and kind in their communications.
- Ability to communicate with technical SMEs and non-technical stakeholders in order to drive alignment.
- You have an energy and self-drive for continuous learning as Crypto is a constantly and rapidly changing space
- Ability to do both long term thinking and short term planning
- We’ll need a manager capable of becoming a SME in one of our product technical architecture. This requires deep technical experience in software development, secure design, threat modeling, and application security
- Building stakeholder relationships is a crucial aspect of the role. A successful candidate will use every interaction as an opportunity to build trust through effective, positive, and efficient communication