ProdSecOps Manager

Location(s) Available: Bangalore, India

About the Team

The Product Security Operations team is the central nervous system of Cloudflare’s security posture. We manage the end-to-end lifecycle of vulnerabilities across our entire global product suite. This team bridges the gap between external security researchers, automated scanning telemetry, and our core engineering squads. As the Manager of this team, you will lead a high-performing group of engineers to ensure that security findings are not just identified, but systematically eradicated.

About the Role / What You’ll Do

As an Engineering Manager, you will transition from individual execution to Strategic Alignment and People Leadership. You will be responsible for the "Remediation Engine" of the company, ensuring your team has the resources, clear priorities, and technical guidance to secure Cloudflare’s CI/CD pipeline.

1. People Leadership & Mentorship

• Growth Coaching: Directly manage and mentor a team of security engineers, focusing on their career progression from manual triage to security automation and architectural thinking.
• Technical Stewardship: Support senior engineers in designing high-level security "Guardrails" and "Secure-by-Default" libraries, ensuring technical visions align with operational workloads.
• Performance Management: Set clear KPIs for the team, focusing on signal-to-noise ratios, mean-time-to-remediate (MTTR), and researcher satisfaction.

2. Operational Strategy

• Vulnerability Pipeline Management: Oversee the global intake of findings from Bug Bounty platforms, SAST, DAST, and SCA. Ensure the team identifies patterns requiring systemic fixes rather than just "clearing tickets."
• Incident Escalation: Act as the primary escalation point for critical product vulnerabilities. Partner with VPs of Engineering and the CTO to decide when to accept risk for speed versus when to mandate architectural halts.
• Tooling Roadmap: Define the long-term roadmap for security automation—moving the team from manual "chasing" to automated remediation workflows and Slack/Jira integrations.

3. Cross-Functional Influence

• Stakeholder Management: Partner with Product Managers and Engineering Directors to integrate security remediation into their quarterly planning and OKRs.
• Policy Design: Define and enforce "Zero Tolerance" vulnerability classes and auto-remediation rules that block insecure deployments at the Pull Request level.

Requirements

• Experience: 10+ years experience in Product Security, Application Security, or SecOps, including a background in formal people management or technical team leadership.
• Technical Depth: Previous hands-on experience with the OWASP Top 10, modern CI/CD pipelines, and cloud-native security (Go, Rust, or Kubernetes environments).
• Operational Excellence: Deep understanding of managing high-volume vulnerability programs (Bug Bounty, SAST/DAST) and the diplomacy required for successful remediation.
• Strategic Thinking: Ability to translate complex technical risks into business impact for non-technical senior leadership.
• Education: Degree in Computer Science, Cybersecurity, or equivalent leadership experience in a high-growth technology environment.

Preferred Qualifications

• Experience managing distributed teams in a global "follow-the-sun" model.
• Relevant industry certifications such as CISSP, CISM, or CISA.
• Familiarity with Cloudflare’s architecture, including Edge computing and Serverless environments.