Semperis

AVP of Product Security

Semperis$130K — $180K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in information security, with 5+ years in product security leadership.
  • Experience integrating security into the Software Development Lifecycle at a SaaS company.
  • Expertise in security architecture for cloud native and hybrid environments, preferably Azure.
  • Hands-on experience with AI and ML security controls.
  • Proven history of developing enterprise vulnerability management programs with risk prioritization.
  • Ability to influence executives and achieve alignment across teams.
  • Strong communication skills for translating technical risks to business terms.

Responsibilities

  • Establish secure design standards and security architecture across product development.
  • Shift security left to minimize late-cycle issues and costs.
  • Build a inclusive vulnerability management program addressing recent AI threats.
  • Enable secure AI adoption in products and internal systems.
  • Define clear security architecture patterns for business clarity.
  • Own risk-based prioritization and executive reporting on vulnerability management.
  • Provide leadership in creating consistent security standards across teams.
  • Recruit and develop a high-performing product security team.

Benefits

  • Hybrid work model with flexibility to work remotely and from the office.
  • Opportunity to lead transformative security initiatives with executive support.
  • Chance to build robust security practices within a fast-growing company.
Full Job Description
About the Role

We are seeking an AVP of Product Security, reporting directly to the Chief Information Security Officer. This leader will drive security into product development. This is a transformation role to scale company wide efforts across our products, and the right leader will bring a mindset that drives the business forward and with scalability at top of mind. You will drive the approach, patterns, and engagement that embed security through design standards, threat modeling, and automated processes.

The AVP of Product Security will own security architecture and vulnerability management. Architecture sets the standard at design time, and vulnerability management proves whether it held. This holistic approach means you set the direction and you get the data to steer by, with ownership over the environment.

AI is what makes this the moment. It is moving to the core of what we ship and how we build, and you will define how we secure it, from architecture patterns for models and agents to a vulnerability management program built for threats that did not exist two years ago. This is a chance to build the practice, with executive backing and a company growing fast enough to make it count.

What you will be doing:
  • Establish secure by design standards and the target state security architecture across product development, covering threat modeling, secure design review, secure SDLC, and vulnerability management.
  • Shift security left into product and engineering to reduce risk and cost, so that fewer issues surface late in the release cycle where remediation is most expensive.
  • Build a formal vulnerability management program encompassing both traditional vulnerability management and AI. This includes addressing prompt injection, model manipulation and evasion, training data poisoning, model and data exfiltration, insecure model supply chain, and unsafe agentic behavior.
  • Enable secure AI adoption across our products and internal systems.
  • Define security architecture patterns that drive clarity with the business and enable the right guardrails.
  • Own risk based prioritization, remediation SLAs, and executive reporting for enterprise vulnerability management.
  • Provide senior technical leadership and create clear, consistent standards across Product, Engineering, and Security.
  • Build proactive security leadership and trusted partnerships across Product, Engineering, and Security teams.
  • Recruit, develop, and lead a strong team of product security engineers and security architects.

What you will bring to the table:

A proven track record across a variety of large, product driven organizations, with a focus on transformation, scale, and partnering with the business.
  • 10+ years of information security experience, including 5+ years leading product security, security architecture, and/or vulnerability management functions.
  • Proven experience embedding security into the Software Development Lifecycle SDLC at a software or SaaS company, including threat modeling, secure design review, code and dependency scanning, and penetration testing.
  • Deep security architecture expertise across cloud native and hybrid environments (Azure preferred).
  • Hands on experience implementing AI and ML security controls.
  • Experience building or maturing enterprise vulnerability management programs, including risk based prioritization and remediation governance.
  • A track record of influencing at the executive level and driving alignment across Product, Engineering, and Security organizations.
  • Strong communication skills, with the ability to translate technical risk into clear business terms that enable decisions.

Bonus Points:
  • Experience securing agentic AI systems or AI enabled products in production.
  • Familiarity with identity security, Active Directory, and Entra ID.
  • Experience supporting compliance programs such as FedRAMP, SOC 2, ISO 27001, or NIST frameworks.
  • Relevant certifications (CISSP, CSSLP, SABSA, TOGAF).


**Semperis maintains office locations in several cities across the globe. Where the job description specifies a required location, candidates will follow our hybrid work model. This includes working up to three days per week and remotely the remaining days.

About Semperis

Semperis is a cybersecurity company that specializes in identity-driven security solutions for Microsoft enterprise environments. The company was founded in 2013 and is headquartered in New York City, with additional offices in Tel Aviv and London. Semperis' products and services help organizations protect their critical assets from cyber threats, including ransomware, phishing, and other attacks. The company's solutions are used by Fortune 500 companies, government agencies, and other organizations around the world. Semperis is committed to innovation and has received numerous awards for its technology and services.
Learn more about Semperis
Size
100 employees
Industry
Net Income
-$5 million
Founded
2013
5 Year Trend
+50%
Revenue
$10 million
NASDAQ

Similar Jobs

More Jobs at Semperis

More Information Technology Jobs

Find similar AVP of Product Security jobs: