SAS

Manager, Product Security Lead

SAS  •  Cary, NC (Hybrid)  •  9 hours ago
Apply
Save Job
Mark Applied Mark Interviewed Mark Offered
Hide Job Report Job
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Manager, Product Security Lead- Hybrid, Cary, North Carolina

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

If you're looking for a dynamic, fulfilling career with flexibility and a world-class employee experience, you'll find it here. We're recognized around the world for our inclusive, meaningful culture and innovative technologies by organizations like Fast Company, Forbes, Newsweek and more.

About the job

Security is a competitive advantage at SAS. Enterprise customers are making buying decisions based on it. Global Engineering is looking for a Product Security Lead, the technical authority at the center of our dedicated security cohort, to own our picture of the threat landscape, assess what it means for SAS, and keep engineering leadership informed and ahead of it.

This is a role for someone with genuine depth: technically rigorous, clear-headed under pressure, and curious enough to build real fluency in a complex platform. If you're the kind of security professional who goes deep on the systems you protect rather than applying generic frameworks from a distance, this role was built for you.

As Product Security Lead, you will:

  • Maintain a current picture of the external threat environment, including CVEs, industry incidents, emerging attack patterns, and regulatory shifts, and proactively brief engineering leadership on what matters and why.
  • Assess how external threats map to the SAS portfolio in architectural context, filtering findings that are unexploitable given how Viya is built and deployed, so engineering teams stay focused on genuine risk.
  • Lead the organization's response to CVE risks from penetration tests, customer requests, and Tech Support PSIRTs, determining appropriate responses such as mitigation, compensating controls, or full remediation.
  • Lead, mentor, and direct a small team of offensive security specialists conducting internal penetration testing, validating findings, reviewing remediations, and coordinating follow-on testing.
  • Represent Global Engineering on the ISMS Board and serve as a named lead in the organization's security incident response playbook.
  • Ensure all applicable security policies and processes are followed to support the organization's secure software development goals.
  • Embrace curiosity, passion, authenticity, and accountability. These are our values and influence everything we do.

Required qualifications

  • Bachelor's degree with major study in Computer Science, Electrical Engineering, or related field. Relevant security certifications preferred, such as GIAC certifications, CEH, CCSP, CSSLP, CISM, or CISSP.
  • Extensive hands-on experience in product security, application security, or software security engineering, with a track record of meaningful impact, not just process compliance.
  • Deep technical understanding of modern software architectures, cloud platforms, and enterprise SaaS deployment models, sufficient to evaluate security findings in architectural context, not just in the abstract.
  • Proven experience in threat intelligence, CVE management, and security incident response, including hands-on involvement in active incidents.
  • Exceptional communication skills across audiences, able to brief executives on what matters and advise engineers precisely on what to do.
  • Equivalent combination of related education, training, and experience may be considered in place of the above qualifications.

Additional competencies, knowledge and skills

  • Influence without authority: demonstrated ability to drive alignment on security priorities across large, distributed engineering organizations.
  • Architectural fluency: you build genuine understanding of the systems you secure and know when you need to go deeper before rendering judgment on a finding.
  • People development: you set direction for experts, evaluate their work, and make the practitioners around you more effective.
  • Background in penetration testing leadership, offensive security, or red team operations.
  • Experience with supply chain security, SBOM, and third-party risk management.
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE, and SANS-25.
  • Familiarity with security governance frameworks and ISMS participation.
  • Recognized thought leadership in the security community (publications, conference contributions, open-source).

World-class benefits

Highlights include...

  • Comprehensive medical, prescription, dental and vision plans.
  • Medical plan options include:
    • PPO with low annual deductible and copays.
    • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
  • Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
  • An industry-leading 401k plan.
  • Tuition Assistance Program and programs and resources to support your development
  • Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
  • Volunteer Time Off, parental leave and unlimited paid sick days.
  • Generous childcare benefits for all full-time employees.

You are welcome here.

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our inclusive workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to any characteristic protected by law. Read more: Know Your Rights.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

Let's stay in touch! Join our Talent Community to stay up to date on company news, job updates and more.

#SAS #LI-WR1

SAS

About SAS

SAS is a global leader in data and AI. With SAS software and industry-specific solutions, organizations transform data into trusted decisions. SAS gives you THE POWER TO KNOW®.

Industry
IT & Software
Company Size
10,000+ employees
Headquarters
Cary, NC
Year Founded
1976
Website
sas.com
Social Media