About the Team
The Product Security Operations team is the central nervous system of Cloudflare's security posture. We manage the end-to-end lifecycle of vulnerabilities across our entire global product suite. This team bridges the gap between external security researchers, automated scanning telemetry, and our core engineering squads. As the Manager of this team, you will lead a high-performing group of engineers to ensure that security findings are not just identified, but systematically eradicated.
About the Role / What You'll Do
As an Engineering Manager, you will transition from individual execution to Strategic Alignment and People Leadership. You will be responsible for the "Remediation Engine" of the company, ensuring your team has the resources, clear priorities, and technical guidance to secure Cloudflare's CI/CD pipeline.
1. People Leadership & Mentorship
- Growth Coaching: Directly manage and mentor a team of security engineers, focusing on their career progression from manual triage to security automation and architectural thinking.
- Technical Stewardship: Support senior engineers in designing high-level security "Guardrails" and "Secure-by-Default" libraries, ensuring technical visions align with operational workloads.
- Performance Management: Set clear KPIs for the team, focusing on signal-to-noise ratios, mean-time-to-remediate (MTTR), and researcher satisfaction.
- Vulnerability Pipeline Management: Oversee the global intake of findings from Bug Bounty platforms, SAST, DAST, and SCA. Ensure the team identifies patterns requiring systemic fixes rather than just "clearing tickets."
- Incident Escalation: Act as the primary escalation point for critical product vulnerabilities. Partner with VPs of Engineering and the CTO to decide when to accept risk for speed versus when to mandate architectural halts.
- Tooling Roadmap: Define the long-term roadmap for security automation-moving the team from manual "chasing" to automated remediation workflows and Slack/Jira integrations.
- Stakeholder Management: Partner with Product Managers and Engineering Directors to integrate security remediation into their quarterly planning and OKRs.
- Policy Design: Define and enforce "Zero Tolerance" vulnerability classes and auto-remediation rules that block insecure deployments at the Pull Request level.
- Experience: 10+ years experience in Product Security, Application Security, or SecOps, including a background in formal people management or technical team leadership.
- Technical Depth: Previous hands-on experience with the OWASP Top 10, modern CI/CD pipelines, and cloud-native security (Go, Rust, or Kubernetes environments).
- Operational Excellence: Deep understanding of managing high-volume vulnerability programs (Bug Bounty, SAST/DAST) and the diplomacy required for successful remediation.
- Strategic Thinking: Ability to translate complex technical risks into business impact for non-technical senior leadership.
- Education: Degree in Computer Science, Cybersecurity, or equivalent leadership experience in a high-growth technology environment.
- Experience managing distributed teams in a global "follow-the-sun" model.
- Relevant industry certifications such as CISSP, CISM, or CISA.
- Familiarity with Cloudflare's architecture, including Edge computing and Serverless environments.
Top Skills
What We Do
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Why Work With Us
Cloudflare employees come from all walks of life. We are mission-driven, and our team is energized by a collaborative, creative environment that celebrates our differences and fosters new ways to grow together.
Gallery
Cloudflare Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
We are committed to developing a global team that is distributed with a flexible working approach. Doing this equitably and inclusively is essential to our success. Visit our careers site for more on 'How & Where We Work.'
