Senior Product Manager to support Application Security Onboarding involving SAST, DAST, or OSSS with one of our major banking clients - 38962

Toronto, ON
  • Number of positions to fill: 1

  • To be discussed
  • Contract employment

  • Start date: 1 position to fill as soon as possible



Work arrangement: Toronto, Hybrid, 3 days/week, potentially changing to 4 days.

Contract Duration: 6 months

Schedule Hours: 8:30 am-5 pm Monday-Friday (37.5 hrs/week)


  • Business group: Cloud & Platform Engineering. (Enterprise Security - Application Security)
  • Cloud management and application security of the bank.
  • The Product Manager - AppSec is responsible for supporting the delivery of security capabilities across the software development lifecycle. This role works closely with cross-functional teams to promote secure-by-design practices and drive adoption of security tools and processes.
  • The Product Manager will support AppSec onboarding by validating tool features hands-on, creating training materials, delivering internal demos, and assisting with policy reviews to drive adoption and improve security practices.
  • Project/Initiative: We have numerous apps across various CI/CD pipelines that need to be onboarded as part of this DAST (Dynamic Application Security Testing). This role is to ensure that the transition is smooth - building reusable onboarding frameworks, creating training materials, and running outreach programs so teams adopt the platform seamlessly.


Typical day in role:

Product Execution & Planning

  • Support the development and execution of product roadmaps for AppSec capabilities.
  • Translate product strategy into actionable tasks and user stories.
  • Work directly with security tools to evaluate, configure, and optimize SDLC integrations.
  • Assist in backlog management and feature prioritization based on business value and risk.

Team Collaboration

  • Partner with engineering, architecture, and DevOps teams to deliver security capabilities.
  • Participate in Agile ceremonies including sprint planning, stand-ups, and retrospectives.
  • Help facilitate working sessions to resolve delivery blockers.

AppSec Enablement

  • Support the rollout and configuration of application security tools (e.g., SAST, DAST, SCA).
  • Partner with development teams to enable security checks in their workflows.
  • Support security findings review to validate accuracy and help prioritize policy updates.
  • Monitor emerging threats and industry trends to guide feature enhancements.
  • Collaborate with security teams to maintain a strong application security posture.
  • Contribute to defining rules and policies that align with organizational risk tolerance.

Stakeholder Engagement

  • Develop training materials to educate internal teams on product security features.
  • Contribute to stakeholder communications and reporting.

Product Ownership & Vendor Coordination

  • Maintain product backlogs and assist in defining epics and user stories.
  • Support vendor coordination and onboarding activities.
  • Contribute to business case development and cost/benefit analysis.

Data-Driven Insights

  • Use data insights to support roadmap decisions and measure product impact.
  • Assist in preparing presentations and reports for leadership and stakeholders.
  • Define KPIs to measure capability effectiveness (e.g., scan coverage, false positive rate, time to remediation).


Candidate Requirements/Must-Have Skills:

  • 8 years’ experience in IT with at least 2+ years of experience in application security (preferably SAST, DAST, or OSSS). Someone who has worked before as an application security product manager/specialist.
  • 3+ years’ experience with product strategy and maintaining a product backlog.
  • 3+ years working in Agile teams; experienced in sprint ceremonies and writing epics/user stories.
  • Demonstrable communication and presentation skills for technical and executive audiences.


Nice to have:

  • Exposure to popular CI/CD tools such as Jenkins, Azure DevOps, GitLab CI/CD, and CircleCI
  • CISSP/CCSP/CSPO/SAFe POPM certification


Best vs average

The best candidate is someone with in-depth exposure to application security, including day-to-day operations and the integration of AppSec tools into the developer environment, and who has both product management and application security experience.

An average candidate is someone who isn’t quick to adapt/learn or work in a dynamic environment.


Education & Certificates:

Bachelor’s Degree in Engineering, Information Sciences, or equivalent field


Candidate review and selection:


2 rounds of interviews

1 - Senior product managers; in-person interview, 45 min to 1 hour, covering behavioral, technical AppSec assessment, critical thinking, logical questions, etc.

2 - Director; 1 hour, covering behavioral, presentations, and cultural fit.



Requirements

Education level

Not determined

Years of experience

Not determined

Written languages

Not determined

Spoken languages

Not determined