Senior Director, Product Management, Software Composition Analysis (SCA)

Product Management | Requisition ID 5795 | Foster City, California | Florida | North Carolina


The Qualys platform unifies different context vectors, such as asset discovery, rich normalized software inventory, end-of-life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability, with a powerful backend that correlates it all for accurate assessment, detection and response – all in a single, cloud-based app.

Qualys has thousands of customers running millions of Cloud Agents on everything virtual and physical, including laptops, desktops, servers, cloud platforms, and mobile devices, along with container sensors and cloud connectors for securing their container and cloud environments.

Over the past year, cyber attacks such as SolarWinds and Kaseya involved infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components. Attackers are leveraging gaps in supply chain controls to compromise organizations and their customers. Protecting the software supply chain is a multifaceted challenge that includes code signing, identity and access management, policy … and software composition analysis (SCA). SCA has always played a role in protecting the software supply chain, historically by identifying vulnerabilities and licensing risks in open source libraries and advising security and development teams on upgrade paths.

This is a product management leadership role in the area of SCA, where you will be part of a global Product Management team defining the future of the agent platform and extending it to secure the supply chain from source to production.

This role is responsible for leading and managing the roadmap, requirements, and priorities around SCA componentry. As a successful candidate, you will work closely with the Engineering, Program Management, Support, and other Product Management teams, as well as marketing teams locally and worldwide.

This role requires conducting research and interacting with end users and customers to define new Qualys SCA offerings and bring them to customers via Cloud Agent and Container sensors. You will work very closely with product engineering leadership and be a key member interfacing with product leadership and executive staff on defining the SCA support strategy for Qualys, including MVP definition, go-to-market/competitive strategy, and beta strategy. The successful candidate will have the ability to interface with and influence cross-functional teams and sales teams to support and leverage SCA.

Role and Responsibilities

  • Be the ‘Product leader’ that the GTM and engineering teams look to for guidance and leadership
  • Product Roadmap – Define and develop a product roadmap that represents MVP, key deliverables, customer asks and market direction
  • Manage and prioritize feature requests from internal/external customers and manage the dependencies through completion.
  • Lead and collaborate on feature and UI design for this highly visible product line
  • Engage with executive stakeholders to identify needs and map them to the overall product roadmap.
  • Work closely with the Cloud Agent and Container product leadership to ensure SCA is supported with appropriate priority and has strong alignment to the roadmap.
  • Provide timely updates to the executive team.
  • Engage with sales on enablement and training, and positively engage with and influence customers and partners

Desired Skills, Experience and Qualifications:

The candidate must possess a background in product management/engineering, with 2+ years of experience working in container and CI/CD security programs, 5+ years of proven product management/owner experience, and 10+ years of experience in the technical cybersecurity field.

  • Comfortable with conflict, capable of influencing cross-functional teams without formal authority
  • Passionate problem solver
  • Strong desire for learning new things
  • Excellent analytical, written, and verbal communication skills – capable of explaining complex requirements in simple words
  • Experience with Agent technologies, Container security, CI/CD workflows
  • Expert knowledge or working experience in the fields of Software Bill of Materials (SBOM)/Software Composition Analysis (SCA)
  • Experience with SaaS model / cloud-based security systems is a plus
  • Experience working with large enterprises, understanding their needs and capabilities related to assessing open source software security and vulnerabilities.
  • Prior experience in software development and a good understanding of software engineering methodologies is a big plus
  • Good domain knowledge of cyber security technologies and concepts is required
  • Any past programming or integration experience will be highly beneficial
  • Bachelor’s / Master’s degree in a technical field (or equivalent)

EEO Employer/Vet/Disabled