Security Product Owner

Location: Burlington, Vermont

Type: Full Time

Education: Bachelor's Degree

Experience: 3 - 5 Years

The Product Security Engineering team creates and supports code- and dev- first security tooling and automation for software engineering teams within Cox Automotive. Our team’s mantra is to enable engineering teams to make good security decisions through education and security-focused capabilities that protect the developer experience. In this team, you’ll be immersed in an environment that cultivates collaboration and provides multiple opportunities for creative problem-solving.  Our team members learn from each other to continually improve our practice of secure software engineering. We foster an environment of continuous learning and mentorship to shape our culture.

Job Overview:

We are looking for a Security Product Owner, to help this team create an end-to-end approach for building dev-frictionless security tools and capabilities. These tools and capabilities should allow us to integrate security into every step of the development cycle.

This candidate will join a stellar team of strong self-motivated security engineers that have deep software engineering experience. You’ll work closely with stakeholders across the Enterprise Security and Risk organization, as well as Product Central, to develop and then own a roadmap of security-focused tooling and capabilities. You are a person with a passion for getting things done. This role is a career defining opportunity for someone to play a pivotal role in reshaping the cybersecurity landscape of software development at Cox Automotive.

As a product owner, you’ll be a creative, technical thinker who is as equally comfortable getting into the weeds of problems when needed, as well as pulling back to ensure the product vision is successfully aligned to achieve our ambitious, yet critical, mission.

This is an individual contributor role. While our team members at Enterprise Security are geographically distributed, and this position is based out of any Cox Automotive Engineering location. There is some light travel required for IP/quarterly planning. The team culture is energetic and interactive and where security and best engineering practices are top of mind.

Primary Responsibilities:

  • This role combines product owner and scrum master responsibilities
  • Create requirements against the roadmap
  • Understand our security tooling/product suite (built and bought)
  • Support all aspects of product management, with an ownership mindset and consistent delivery on commitments.
  • Communicate clearly and succinctly across departments and to senior management and stakeholders concerning product status, trade-offs, and key recommendations
  • Engage and participate in all Agile/Scrum ceremonies such as daily stand up, program increment (PI) planning, backlog grooming, epic and story creation
  • Build and refine requirements / stories / tasks and define acceptance criteria in a manner understandable to the Engineering teams
  • Own, maintain, and prioritize the agile product backlog: Define sprint and program increment goals and objectives with the team
  • Build strong partnership with the Director of Product Security Engineering to execute against agreed upon roadmap
  • Identify and manage dependencies across teams within the product and broader solution
  • Help the team stay focused on asks by identifying and removing roadblocks
  • Stay up to date on relevant trends, new technologies, methodologies, constantly exchange ideas and innovate.


  • Bachelor’s Degree in Business, Marketing, Engineering, Communications, or a related field
  • 3+ years of recent experience in related product management. 3+ years of experience in Software Security, preferred.
  • Experienced working in a scrum software development team. Must be a practitioner of scrum practices and principles
  • Technical enough to work closely with our engineering team
    • Experience working on or directly with software security development
    • Familiar with modern application development best practices
    • Familiar with DevSecOps concepts in agile environments
    • Familiar with information security domains and APIs
    • Knowledge of various security tools: SAST, DAST, Container scans, SCA
  • Strong communication skills to provide demos and work optimally with internal partners, stakeholders and customers (engineering teams)
  • Experience building consumer facing products at scale is a plus
  • Highly data-driven and analytical, and you always have the facts to back up your recommendations.
  • Comfortable with fluid situations and competing priorities.
  • Training and certification as a professional scrum product owner (PSPO) or as a certified scrum product owner (CSPO) or SAFe product owner a plus

© 2024 Vermont Technology Alliance

Site by Scout Digital