
Director, Product Security - Application Security (Remote US)


Oct 19

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.  

We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success. 

We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.

Medallia’s security team is responsible for the security of the overall Medallia platform and entire global infrastructure. We are looking for exceptional technical leaders who understand multi-tenant SaaS environments and have experience building and leading successful teams while working closely with our global engineering teams to ensure that we build secure and robust software in the world of SecDevOps. We are looking for a candidate who is passionate about security, has a strong technical leadership background and loves enabling teams to create and implement innovative solutions to challenging problems.

Medallia is a technology powerhouse and our security challenges cannot be solved by traditional security technologies. This role requires strong leadership, creative thinking and innovative approaches to help stay a step ahead in securing our applications, services and data. This role will be responsible for leading a team of security engineers who develop and operate tools and technologies and create processes to mature our security program within the development lifecycle of our product portfolio. Focusing on Medallia’s Federal environment, the role will drive application security initiatives across the technical stack.



Specifically, you will:

    • Work with other senior leaders to establish strategic plans, objectives and budgets
    • Oversee high quality and timely delivery of projects and operational tasks
    • Recruit and retain high performing and high caliber technical talent
    • Assist and enable engineering teams to adopt secure development practices
    • Provide software security advice to cross-functional teams including product, engineering, and services
    • Work closely with engineering and product teams to drive security issues to resolution
    • Develop and mature software security guidance including training materials, best practices, secure development standards, reusable code, etc.
    • Employ knowledge and deep understanding of threat landscape, SaaS industry, and customer feedback to drive the pipeline of impactful security features
    • Show leadership throughout the organization by taking on projects outside of Product Security; collaborate with and build relationships of trust throughout the business
    • Manage security vendor and partner relationships

Minimum Qualifications:

    • 5+ years of experience with software security assessments and remediation in Java (or other object-oriented languages)
    • 8+ years of experience managing, building and leading teams
    • Proven ability to work collaboratively across and within teams
    • Strong skills in at least two of the following areas: architecture review/threat modeling, penetration testing, static or code analysis automation
    • Independent problem-solving capabilities and excellent communication skills

Preferred Qualifications:

    • CISSP or CSSLP certification
    • Knowledge of how to apply and operationalize software vulnerability management tools
    • Knowledge of Node.js or any modern JS framework (such as React.js), or of native mobile development
    • Knowledge of popular web development frameworks (AngularJS, React, Redux, Velocity, StringTemplate, jQuery, Jackson, THRIFT, etc.)
    • Knowledge of microservices architecture and containers
    • Experience working in a compliance-focused environment 
    • Knowledge of FedRAMP (Federal Risk and Authorization Management Program)
    • Knowledge of FISMA (Federal Information Security Management Act)

Keywords: Software Security, Application Security, (software) Architecture Review, Secure (software) Architecture, Secure (software) Design, Secure Code Review, (application) Pen-Testing, (application) Penetration Testing, Dynamic (security) Analysis, Static Analysis

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity is afforded to all qualified applicants and employees. We do not discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other protected category. We also consider all qualified applicants regardless of criminal histories, consistent with legal requirements. 

Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the Americans with Disabilities Act and local disability laws.

For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.