Product Security Operations Engineer - Remote / Telecommute

We are looking for Product Security Operations Engineer - Remote / Telecommute for our client in San Jose, CA

Job Title: Product Security Operations Engineer - Remote / Telecommute

Job Location: San Jose, CA

Job Type: Contract

Job Overview:

Pay Range: $125.00/hr - $130.00/hr

• This role focuses on managing and remediating third-party and open-source risk across the client's portfolio. It combines technical depth with the ability to navigate complex organizational structures.

Requirement/Must Have:

• 5+ years in Security Operations, DevSecOps, or Product Security.
• Proven ability to communicate technical security risks to various audiences.
• Experience interpreting security policies and turning them into practical requirements.

Responsibilities:

• Act as a technical lead for managing external dependencies, driving the strategy and execution for upgrades and patching across multiple product lines.
• Work closely with stakeholders across Engineering, Product Management, and DevOps to prioritize security requirements and align them with existing release roadmaps.
• Translate high-level security policies into clear, actionable product requirements and technical guidance.
• Leverage data, including Software Bill of Materials (SBOM) and asset intelligence, to identify systemic risks in the supply chain and report on remediation progress.
• Drive security projects with a focus on clear ownership, milestone tracking, and proactively resolving conflicts in priority.

Nice to Have:

• Proficiency in scripting (e.g., Python, Go) to automate the tracking of library versions and vulnerability status.
• Familiarity with supply chain security standards and Software Composition Analysis tooling.
• Experience in a global, distributed environment where managing cross-functional dependencies is a core part of the culture.
• A background in Technical Program Management or Engineering Management.

Qualification And Education:

• Deep understanding of the software development lifecycle (SDLC) and the complexities involved in upgrading core libraries in a large-scale environment.
• Exceptional organizational skills and the ability to manage complex, multi-quarter security initiatives.