Director of Software Security

Cadence Design Systems

4.4

(53)

San Jose, CA

Why you should apply for a job to Cadence Design Systems:

  • 4.4/5 in overall job satisfaction
  • 4.4/5 in supportive management
  • 87% say women are treated fairly and equally to men
  • 89% would recommend this company to other women
  • 87% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Parental leave is available for both paternity and maternity
  • Flexible work options available
  • 88% of employees at Cadence say it is a great place to work compared to 57% of employees at a typical U.S.-based company.
  • #R54237

    Position summary

    s for secure microservices, APIs, and cloud-native apps

    • Establish security patterns for containers, Kubernetes, and serverless

    • Lead threat modeling initiatives

    • Ensure secure API design and zero trust principles

    Regulatory Compliance & CMMC

    • Lead compliance initiatives for:

      • Cybersecurity Maturity Model Certification (CMMC 2.0)
      • NIST SP 800-171r2 / 800-53
      • ISO 27001
    • Ensure software systems meet federal, defense, and privacy regulations

    • Coordinate audits, assessments, and continuous monitoring programs

    • Implement controls for handling Controlled Unclassified Information (CUI)

    Cloud & Platform Security

    • Secure DevOps pipelines across cloud platforms:

      • Amazon AWS
      • Microsoft Azure
      • Google Cloud
      • IBM Cloud
      • Cadence software service and products
    • Implement infrastructure-as-code (IaC) security scanning

    • Define secrets management, identity, and access controls

    Application Security Program

    • Build and scale AppSec program across all product lines

    • Define vulnerability management lifecycle (discovery → remediation → validation)

    • Establish bug bounty / responsible disclosure programs

    • Integrate security into Agile and CI/CD workflows

    Supply Chain & Software Integrity

    • Secure software supply chain (SBOM, dependency scanning)

    • Implement artifact signing, provenance, and integrity validation

    Governance & Risk Management

    • Define policies, standards, and secure development guidelines

    • Establish KPIs: vulnerability remediation SLA, code coverage, pipeline security

    • Align software security with enterprise risk management

    • Report posture to executive leadership and board

    Leadership & Cross-Functional Influence

    • Lead teams of AppSec engineers, DevSecOps engineers, and architects

    • Partner with Engineering, Product, Legal, and Compliance teams

    • Build security champions program within development teams

    • Influence engineering culture toward security ownership

    Required Qualifications

    • 12-15+ years in cybersecurity, with strong focus on application security and DevSecOps

    • 5+ years in leadership (manager/director level)

    • Deep expertise in:

      • Secure SDLC and DevSecOps pipelines
      • Cloud-native architectures and container security
      • Regulatory frameworks (CMMC, NIST, ISO)
    • Experience in regulated industries (defense, government, healthcare, fintech)

    Preferred Qualifications

    • Hands-on experience with tools such as:

      • SAST: Checkmarx, Veracode
      • DAST: Burp Suite
      • SCA: Snyk, Black Duck
      • CI/CD: Jenkins, GitHub Actions
    • Familiarity with Kubernetes, Docker, and service mesh security

    • Certifications:

      • CISSP, CSSLP
      • CISM or CCSP
    • Experience with Zero Trust and identity-first security

    Key Skills

    • DevSecOps Transformation

    • Secure Software Architecture

    • Regulatory Compliance (CMMC, NIST, ISO)

    • Application Security & Threat Modeling

    • Software Supply Chain Security (SBOM, SLSA)

    • Cloud & Container Security

    • Executive Communication & Strategy

    The annual salary range for California is $164,500 to $305,500. You may also be eligible to receive incentive compensation: bonus, equity, and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the salary range is a guideline and compensation may vary based on factors such as qualifications, skill level, competencies and work location. Our benefits programs include: paid vacation and paid holidays, 401(k) plan with employer match, employee stock purchase plan, a variety of medical, dental and vision plan options, and more.
    We're doing work that matters. Help us solve what others can't.
