Product Security Lead

About Swoop:

At Swoop, we’re on a mission to rapidly integrate our most critical infrastructure, National Security assets, and leading-edge innovation - a mission that fundamentally changes the future of how we connect. Working in stealth mode, our team has developed and fielded SwoopOS—an integrated platform of interoperable products to map, secure, and intelligently orchestrate device infrastructure at the edge. Whether it’s legacy or next gen equipment, Swoop allows systems to be interoperable, modernized, and their purposes reimagined all through software. If you want to be a part of an incredible team—high energy and creative, disruptive with exquisite technical acumen, and bounded by a core commitment to integrity and National Security…apply today!

Your Impact:

We are looking for an experienced Product Security Lead to drive the security of our products across the software development lifecycle. In this role, you will be responsible for defining and implementing security practices that ensure the confidentiality, integrity, and availability of our products and services. You will collaborate closely with engineering, DevOps, product, and compliance teams to embed security into product design and delivery, enabling secure innovation at scale.

What You’ll Do:

• Security Architecture & Design: Partner with engineering and product teams to incorporate secure design principles and threat modeling into product planning and architecture.

• Secure SDLC (Software Development Lifecycle): Establish and enforce security checkpoints across the SDLC, including secure coding guidelines, automated code scanning, and risk-based review processes.

• Application Security: Oversee the implementation and integration of static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and manual code reviews.

• Product Threat Modeling: Lead threat modeling exercises to proactively identify and mitigate risks during the early stages of design and development.

• Security Tooling & Automation: Select, deploy, and manage security tools to automate detection and mitigation of vulnerabilities across CI/CD pipelines.

• Vulnerability Management: Coordinate product vulnerability assessments, triage findings, and work with developers to remediate security issues promptly.

• Incident Response: Lead the security incident response process for product-related threats, ensuring root cause analysis and lessons learned are captured.

• Security Champion Program: Build and lead a security champions program to scale security awareness and ownership across engineering teams.

• Compliance & Privacy: Ensure products align with applicable regulatory and compliance standards such as SOC2, GDPR, HIPAA, and ISO 27001.

• Risk Assessment & Governance: Continuously assess security risks within products and provide clear, actionable guidance to reduce risk.

• Collaboration: Serve as the primary liaison between product, engineering, compliance, and security leadership to align priorities and strategies.

You Should Have:

Technical Skills:

• Application & Product Security: In-depth experience securing modern web applications, APIs, and backend services across a microservices architecture.

• Security Tools: Hands-on experience with tools such as:

  • SAST: Checkmarx, Veracode, or SonarQube

  • DAST: Burp Suite, OWASP ZAP

  • SCA: Snyk, WhiteSource, or Dependency-Check

  • Threat Modeling: Microsoft Threat Modeling Tool, IriusRisk

• Secure Coding Practices: Strong knowledge of OWASP Top 10, CWE/SANS Top 25, and common secure coding standards for languages such as JavaScript, Python, Go, and Java.

• CI/CD Security: Experience integrating security tools into CI/CD pipelines (e.g., GitHub Actions, GitLab CI/CD, Jenkins).

• Cloud Security: Familiarity with securing applications deployed on cloud platforms like AWS, GCP, or Azure.

• IAM & Authorization: Understanding of OAuth2, OIDC, and RBAC concepts within application security contexts.

• Penetration Testing & Code Review: Ability to perform or coordinate hands-on penetration testing and code reviews for security.

Soft Skills:

• Strong leadership and stakeholder management skills.

• Excellent written and verbal communication skills.

• Ability to explain complex security topics in business-friendly terms.

• Passion for mentoring and building a security-conscious engineering culture.

• Comfortable working in fast-paced, agile environments.

Bonus if you have:

• Certifications:

  • Certified Information Systems Security Professional (CISSP)

  • Offensive Security Certified Professional (OSCP)

  • GIAC Web Application Penetration Tester (GWAPT)

  • Certified Secure Software Lifecycle Professional (CSSLP)

• Experience: 5+ years in application/product security roles, with at least 2 years in a technical leadership or staff-level position.

• Regulatory Compliance: Familiarity with security and privacy compliance frameworks such as SOC2, ISO 27001, PCI-DSS, and GDPR.

• Security by Design: Track record of embedding security into product development processes at scale.

Swoop Technologies is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity or any other factor protected by applicable federal, state, or local laws.