Overview
Director & Product Security Jobs in Salt Lake City, Utah, USA at Sorenson Communications
Title: Director & Product Security
Company: Sorenson Communications
Location: Salt Lake City, Utah, USA
Type: Remote/Work from Home
Category: IT/Tech, Security
Position: Director Application & Product Security
Come be a part of our mission and make a meaningful and
positive impact
with the industry leading provider of language services for the Deaf and heard-of-hearing.
Benefits Paid Vacation Time and Paid Sick Time and Paid Holidays
401k 6% match with immediate vesting
Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
TeleDocHSA company match3 Medical plan options including a Low Deductible PPO Medical Plan Offering
Employee Assistance Program
Engaged Employee Resource Groups Outstanding Learning and
Career Development
Opportunities Pay Range:
Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.
* Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this role
** This position can be 100% Remote or Hybrid for local candidates
Essential Duties and Responsibilities
Strategic Leadership
& Program Development Define and execute the application and product security strategy aligned with business goals.
Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).Collaborate with engineering and product teams to embed security into all phases of software development.
Contribute to security roadmap development.
Technical Risk Management Lead the identification, assessment, and management of technical risks in applications and products.
Develop and maintain risk scoring models to prioritize security efforts effectively.
Establish metrics and KPIs to measure security posture and drive data-informed decision-making.
Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings
Manage technical Security Exception process
Define and maintain a security reference architecture that provides security best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.)Security Testing & Assurance Oversee security testing initiatives, including penetration testing, red teaming, and technical audits of technology platforms and systems.
Develop and enhance application security testing capabilities, including static (SAST),
dynamic
(DAST), and interactive (IAST) application security testing methodologies.
Partner with external security researchers and vendors to conduct advanced security testing and assessments.
Vulnerability & Remediation Management Manage vulnerability identification and remediation efforts across applications and product environments.
Establish secure coding practices and train development teams on security best practices.
Implement and enforce automated security testing and continuous security integration within CI/CD pipelines.
Compliance & Regulatory Alignment Ensure compliance with industry security standards (e.g., ISO 27001, SOC 2, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).Partner with internal audit, compliance, and legal …
