We are hiring for Security PM / Lead at Remote location.


Shyam Nampalle

Dec 5, 2025, 1:39:18 PM
to Shyam Nampalle

Hi,

We are hiring for Security PM / Lead at Remote location.

 

Role – Security PM / Lead

Location – Preferred Fremont, otherwise Remote. Travel as needed to Fremont.

 

Remote/Onsite – Onsite occasionally if working remote

 

And need to work onsite from Day 1 from Fremont, CA

Should be comfortable working as per PST timezone

Candidate should be comfortable working from his own laptop

 

Skills-

We are seeking an experienced Security PM / Lead with 10–15 years of experience in Information Security program management, IAM role governance, DevSecOps alignment, and large-scale transformation delivery. 

The role requires strong project management, hands-on JIRA execution, proactive risk escalation, and close collaboration with Application, IAM, and Security Engineering teams. 

 

No IAM architecture or engineering skills are required. 

 

Why This Role Matters 

The Security PM / Lead is responsible for ensuring secure delivery across enterprise applications and integrations by overseeing role governance, threat modeling, vulnerability remediation, and structured project execution. This role is essential for strengthening the organization’s security posture during large transformation initiatives. 

 

Required Qualifications & Experience 

  • 10–15 years in Security Program Management, Application Security, IAM, or InfoSec PM roles. 
  • Strong experience managing threat modeling, code-level risk assessments, and vulnerability remediation. 
  • Hands-on exposure to tools like SonarQube, Black Duck, Checkmarx, Veracode, or similar. 
  • Experience working on large transformation programs (cloud migrations, ERP modernization, platform rebuilds, etc.). 
  • Strong RBAC, role mapping, and access governance experience (non-architect). 
  • Excellent coordination, stakeholder management, and communication skills. 
  • Experience using JIRA, Confluence, SharePoint, and enterprise reporting tools. 
  • Preferred certifications: CISSP, CISM, PMP, CCSP, Security+. 

Core Competencies 

  • Strong leadership without authority 
  • Proactive risk and issue management 
  • Deep understanding of InfoSec controls and testing 
  • Excellent stakeholder engagement 
  • Detail-oriented project execution 
  • Clear and concise reporting 
  • Ability to manage work across multiple parallel streams 

 

 

Key Responsibilities 

Information Security & DevSecOps 

  • Integrate security controls into SDLC, CI/CD pipelines, and DevOps workflows. 
  • Lead planning and tracking of vulnerabilities, code fixes, and security issues across applications. 
  • Partner with Dev, QA, and Infra teams to embed security-by-design practices. 

Threat Modeling, Risk Assessment & Vulnerability Governance 

  • Track and coordinate threat modeling activities for applications, integrations, and new features. 
  • Oversee risk assessments for new interfaces, API integrations, and design changes. 
  • Manage vulnerability assessments for code, APIs, microservices, and inter-application data flows. 
  • Track vulnerability remediation progress for SAST, SCA, DAST, dependency scanning, and secrets scanning. 
  • Work with engineering teams to ensure timely closure of high/critical vulnerabilities. 
  • Ensure alignment with InfoSec standards, secure coding guidelines, and audit expectations. 

Experience With Security Tools 

  • Work with engineering and DevSecOps teams to track and manage findings from: 
      • SonarQube (SAST) 
      • Black Duck or Synopsys SCA (Software Composition Analysis) 
      • Veracode, Checkmarx, Fortify, or similar 
      • OWASP dependency check, secret scanners, container scanners, etc. 
  • Coordinate remediation timelines, prioritize vulnerabilities, and report status to leadership and security governance teams. 
  • Ensure tool outputs are integrated into JIRA and program dashboards. 

Identity, Access & Enterprise Role Management (No Architecture Needed) 

  • Facilitate enterprise and application role mapping across business teams, app owners, and IAM governance. 
  • Drive RBAC alignment, SoD validation, access cleanup, and documentation accuracy. 
  • Lead role design workshops, manage follow-ups, and coordinate lifecycle updates. 

 

Regards,

 

Shyam Nampalle

Sr. Associate – Talent Acquisition

KAnand Corporation

Email: shy...@kanandcorp.com

Web: www.kanandcorp.com

 


 
