Mgr, Security Engineering

Are you an experienced security engineer and people leader looking for an exciting opportunity? EBSCO Information Services (EIS) has an immediate opening for a Security Engineering Manager. This role focuses on building and leading a high-performing Security Engineering Team and establishing the engineering practices, guardrails, and operating rhythms that help our product teams deliver secure, reliable software at scale.

The Security Engineering Manager will lead a team of security engineers partnering with product, platform, and infrastructure teams to reduce security risk across the software delivery lifecycle. The team enables secure-by-default patterns through threat modeling, security architecture guidance, automation, vulnerability management, and security monitoring—removing friction from delivery while raising the security bar across cloud and application environments.

• As a servant leader, provide direct line management for a team of security engineers (approximately 5–6), with a focus on growth and mentorship, psychological safety, operational excellence, and measurable risk reduction.
• Work closely with product owners, engineering managers, and technical leads to embed security into planning and delivery, including threat modeling, security requirements, and secure design reviews.
• Partner with engineering leaders, architects, and delivery teams to define and evolve security architecture standards, reference designs, and secure-by-default patterns across the organization.
• Define, implement, and track security metrics (e.g., vulnerability SLAs, coverage of security testing, time-to-remediate, and control adoption) to monitor and improve security outcomes.
• Own and evolve cloud security posture practices, including identity and access management, network segmentation, secrets management, and configuration baselines, in partnership with infrastructure and platform teams.
• Stay abreast of the threat landscape, emerging vulnerabilities, and security engineering trends; translate them into pragmatic controls and engineering improvements.
• Hold regular team meetings to review security operations signals (alerts, incidents, trends) and engineering telemetry to ensure controls are effective across environments.
• Provide timely, actionable feedback and coaching; create growth plans that build security engineering depth and leadership capability.
• Drive security automation across the SDLC, including SAST/DAST, dependency scanning (SCA), secrets scanning, and infrastructure-as-code scanning.
• Reinforce secure coding standards and code health, teaching practices that reduce common vulnerabilities and improve resilience.
• Lead a pragmatic application security and vulnerability management program: triage findings, set remediation priorities with engineering, and track SLA performance.
• Encourage collaborative security partnering with engineering teams (office hours, pairing on fixes, design reviews) to unblock delivery while improving security outcomes.
• Foster a growth mind-set in all employees; enable security craftsmanship, automation, and innovation.
• Advocate for the team and promote successes, share lessons learned from incidents and findings, and communicate security risk and progress clearly to stakeholders.
• Lead with accountability, autonomy, empowerment and manage the appropriate boundaries to achieve the result of having self-directed work teams.
• Attract, recruit, retain, and develop top engineering talent.
• Live the principles behind the Agile Manifesto and SAFe framework in all interactions and equip the team to do the same.

• 5–7 years recent software development experience as an individual contributor, Team Leader, or Senior Engineer mentoring junior engineers.
• Experience building and shipping production systems across at least 2 full product cycles.
• Active use of modern development practices such as Git workflows, CI/CD, containerization, or cloud platforms
• Ability to translate security and risk requirements into actionable engineering work (backlog items, guardrails, automation, and measurable outcomes).
• Self-motivated, detail oriented, responsible; strong collaboration skills and the ability to prioritize and re-prioritize quickly based on risk and business impact.
• Strong sense of ownership and desire to solve complex security and technical challenges, including vulnerability remediation, secure design, and incident-driven engineering improvements.