Director, Product Security & Incident Response

Reports to: CISO Location: Remote US Compensation Range: $220,000 to $240,000 base plus bonus and equity What We Do: Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference. Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service. We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting. What You’ll Do: As the Director of Product Security and Incident Response, you will protect Huntress from the adversaries we wreck daily with our products. You will be responsible for managing our attack surface, ensuring it is free of vulnerabilities, preparing our organization for incident response, and owning the offensive security team. This role will partner closely with the CISO and our Product and Engineering teams, and our Security Operations Center. Responsibilities: Strategic Leadership: Unified Security Vision: Develop and execute a roadmap that integrates the Secure SDLC with continuous adversary simulation. Ensure that findings from Offensive Security (Red Team) exercises are directly incorporated into the Product Security backlog. Board-Level Communication: Translate complex technical metrics (Drift, Detection Coverage) into business risk narratives for the executive leadership team (ELT) and the Board of Directors. Talent Development: Recruit, mentor, and retain top-tier talent in highly competitive fields (Offensive Security, AppSec). Build a culture of psychological safety where failure is viewed as a learning opportunity. Adversary Informed Defense: Resilience Testing: Lead the Offensive Security team to conduct "Threat-Led Defense" operations. Simulate realistic APT campaigns to test the organization's ability to withstand and recover from attacks. CSIRT Readiness: Own the Incident Response capability for the company. Drive continuous improvement in incident response through rigorous drilling and automation. Drift Management: Implement automated systems to measure and remediate Configuration Drift and Detection Drift across the enterprise. Purple Teaming: Institutionalize collaboration among Offensive Security Analysts, CSIRT analysts, the broader Security Department, and other parts of the company to validate and tune detection logic in real time. Product Security: Secure Infrastructure: Direct the security architecture for our cloud-native environment (AWS and Azure), ensuring immutable infrastructure and strict IAM governance. Vulnerability Management (VM): Oversee a risk-based VM program that prioritizes remediation based on exploitability and asset criticality. Regulatory Alignment: Ensure the product architecture supports SOC 2 and other regulatory requirements through partnership with our Governance team. AppSec Integration: Champion the use of automated security testing (SAST/DAST/SCA) within our engineering pipelines. What You Bring To The Team: Minimum of 10+ years of progressive experience in Information Security, with at least 5 years in a senior leadership role (Director/VP) managing multi-disciplinary teams (e.g., Offensive Security, AppSec, Incident Response). Demonstrable experience developing and executing a multi-year security roadmap that aligns technical controls with enterprise business objectives and risk tolerance. Proven ... (truncated, view full listing at source)