Director, Product Security & Incident Response

Reports to: CISO

Location: Remote US

Compensation Range: $220,000 to $240,000 base plus bonus and equity

What We Do:

Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.

Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service.

We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.

What You’ll Do:

As the Director of Product Security and Incident Response, you will protect Huntress from the adversaries we wreck daily with our products. You will be responsible for managing our attack surface, ensuring it is free of vulnerabilities, preparing our organization for incident response, and owning the offensive security team. This role will partner closely with the CISO and our Product and Engineering teams, and our Security Operations Center.

Responsibilities:

Strategic Leadership:

• Unified Security Vision: Develop and execute a roadmap that integrates the Secure SDLC with continuous adversary simulation. Ensure that findings from Offensive Security (Red Team) exercises are directly incorporated into the Product Security backlog.

• Board-Level Communication: Translate complex technical metrics (Drift, Detection Coverage) into business risk narratives for the executive leadership team (ELT) and the Board of Directors.

• Talent Development: Recruit, mentor, and retain top-tier talent in highly competitive fields (Offensive Security, AppSec). Build a culture of psychological safety where failure is viewed as a learning opportunity.

Adversary Informed Defense:

• Resilience Testing: Lead the Offensive Security team to conduct "Threat-Led Defense" operations. Simulate realistic APT campaigns to test the organization's ability to withstand and recover from attacks.

• CSIRT Readiness: Own the Incident Response capability for the company. Drive continuous improvement in incident response through rigorous drilling and automation.

• Drift Management: Implement automated systems to measure and remediate Configuration Drift and Detection Drift across the enterprise.

• Purple Teaming: Institutionalize collaboration among Offensive Security Analysts, CSIRT analysts, the broader Security Department, and other parts of the company to validate and tune detection logic in real time.

Product Security:

• Secure Infrastructure: Direct the security architecture for our cloud-native environment (AWS and Azure), ensuring immutable infrastructure and strict IAM governance.

• Vulnerability Management (VM): Oversee a risk-based VM program that prioritizes remediation based on exploitability and asset criticality.

• Regulatory Alignment: Ensure the product architecture supports SOC 2 and other regulatory requirements through partnership with our Governance team.

• AppSec Integration: Champion the use of automated security testing (SAST/DAST/SCA) within our engineering pipelines.

What You Bring To The Team:

• Minimum of 10+ years of progressive experience in Information Security, with at least 5 years in a senior leadership role (Director/VP) managing multi-disciplinary teams (e.g., Offensive Security, AppSec, Incident Response).

• Demonstrable experience developing and executing a multi-year security roadmap that aligns technical controls with enterprise business objectives and risk tolerance.

• Proven ability to communicate complex technical risks and metrics (e.g., detection coverage, drift rate, remediation velocity) to executive leadership (ELT) and the Board of Directors, effectively translating security posture into business language.

Technical and Programmatic Expertise:

• Deep, hands-on experience leading and maturing an Offensive Security (Red Team) function, specifically conducting Adversary Simulation and Threat-Led Defense operations.

• Expertise in Cloud-Native Security Architecture across major providers (AWS and/or Azure)

• Extensive experience designing, implementing, and running a risk-based Vulnerability Management (VM) program at scale.

• Comprehensive knowledge of Secure Software Development Lifecycle (SSDLC) principles, including the successful implementation and integration of automated security testing tools (SAST, DAST, SCA) into CI/CD pipelines.

• Expert-level understanding of Incident Response (IR) and CSIRT operations, including owning the IR process, coordinating complex incidents, and driving continuous improvement through post-mortem analysis and rigorous drilling.

• Direct experience with "Purple Teaming" methodologies to improve the efficacy of detection and response capabilities in collaboration with security engineering and operations teams.

Leadership and Culture:

• Exceptional talent acquisition, development, and retention skills, with a focus on mentoring high-performing, specialized security professionals in highly competitive domains (e.g., Offensive Security, AppSec).

• Demonstrated ability to build a positive, high-trust team culture that emphasizes psychological safety, continuous learning, and cross-functional collaboration.

• Proven ability to drive consensus and influence change across engineering and product organizations without direct authority.

• Experience in aligning security practices with regulatory and compliance frameworks such as SOC 2, ISO 27001, or similar.

What We Offer:

• 100% remote work environment - since our founding in 2015

• Generous paid time off policy, including vacation, sick time, and paid holidays

• 12 weeks of paid parental leave

• Highly competitive and comprehensive medical, dental, and vision benefits plans

• 401(k) with a 5% contribution regardless of employee contribution

• Life and Disability insurance plans

• Stock options for all full-time employees

• One-time $500 reimbursement for building/upgrading home office

• Annual allowance for education and professional development assistance

• $75 USD/month digital reimbursement

• Access to the BetterUp platform for coaching, personal, and professional growth

Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.

We do discriminate against hackers who try to exploit businesses of all sizes.

Accommodations:

If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to [email protected]. Please note that non-accommodation requests to this inbox will not receive a response.

Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.

#BI-Remote