Product Security Manager – AWS/Azure

This is a fully remote position, open to applicants in Portugal.

📋 Description

• Develop and implement bolttech's Product Security program and roadmap from the ground up.

• Take ownership of the overall security posture of each product as an integrated system.

• Manage the deployment of products on cloud platforms like AWS and Azure.

• Oversee data isolation in multi-tenant environments.

• Regulate privileged and administrative access.

• Ensure that logging is audit-ready.

• Enhance the product's compliance and customer-trust framework (including certifications, due diligence, and security questionnaires).

• Lead threat modeling and design reviews from the initial phases of new products and features.

• Work with product and engineering owners to prioritize remediation efforts.

• Integrate security requirements for AI-driven capabilities alongside the AI Security function.

• Maintain a comprehensive view of risks and findings across the Group, collaborating effectively with other teams.

⛳️ Requirements

• Minimum of 7 years of experience in product security, cloud security, security architecture, security governance, or similar technical security roles.

• In-depth understanding of the architecture, deployment, and end-to-end security of cloud-based and SaaS products (application, cloud, data, identity, operations).

• Solid grasp of cloud platform security (AWS and Azure), multi-tenant data isolation, and cryptographic data protection principles.

• Experience with product or system-level threat modeling, security design reviews, and risk prioritization/remediation.

• Good knowledge of identity and access management, privileged access, APIs, authentication, authorization, and data protection controls.

• Familiarity with security and compliance frameworks such as ISO 27001, SOC 2, NIST, and cloud security frameworks (e.g., CSA CCM).

• Awareness of AI security risks, including generative AI, large language models, prompt injection, and data leakage.

• Strong analytical skills with the ability to clearly communicate technical and business risks.

• Excellent stakeholder management skills, capable of influencing product and engineering teams without direct authority.

• Proficient in English (both written and verbal), with the capability to explain security and compliance topics to technical and non-technical audiences.

🏝️ Benefits

• 15th month salary.

• Health insurance that covers your family.

• Day off for your birthday.

• Mobility program for digital nomads.

• Genuine work-life balance.