Senior Software Engineering Manager, Product Security

RESPONSIBILITIES: Build, lead, and grow multiple engineering teams executing on WHOOP’s product security strategy, including member authentication, vulnerability management, cloud governance, privacy rights fulfillment, and threat modeling. Oversee and drive WHOOP’s engineering readiness for HIPAA compliance, coordinating technical implementation, evidence collection, and ongoing governance activities across teams. Define and communicate long-term security strategy, architecture, and design principles for product-facing systems. Partner with engineering and compliance leadership to embed security and privacy by design across the software development lifecycle. Establish and enforce best practices, standards, and processes for secure software development, testing, and deployment. Drive continuous improvement initiatives that enhance team productivity, quality, and overall business impact. Provide mentorship, guidance, and career development for engineering managers and individual contributors. Foster a culture of innovation, teamwork, psychological safety, and continuous learning within the Product Security organization. QUALIFICATIONS: Proven experience as a technical leader managing multiple teams or a growing security engineering organization. Experience growing high level individual contributor career growth at the staff level or higher.  Demonstrated success leading security or compliance initiatives in a regulated environment, preferably HIPAA or other health data compliance frameworks. Deep understanding of product security principles, including vulnerability management, data privacy, threat modeling, and secure software development. Experience building or integrating developer security tooling to improve secure-by-default practices. Strong technical background in software development, testing, and deployment processes. Excellent communication, interpersonal, and leadership skills with the ability to influence across teams and levels. BONUS QUALIFICATIONS: Experience with AWS cloud environments and data-driven decision-making. Hands-on experience with infrastructure and cloud security in containerized environments (e.g., Docker, Kubernetes). Background in incident response and post-mortem analysis for security events. Familiarity with automation frameworks for vulnerability scanning, compliance checks, or infrastructure security. Prior experience scaling a product security or compliance engineering organization through major regulatory transitions (e.g., SOC 2 → HIPAA, or HIPAA → HITRUST). ABOUT YOU: You’re a strategic and people-focused leader who thrives on balancing hands-on technical oversight with long-term organizational growth. You have experience building and scaling teams to meet new regulatory and business demands. You’re passionate about creating secure, privacy-first systems that protect member data and enable innovation. You collaborate effectively across technical and non-technical teams and can operate confidently in both strategic and tactical domains. Above all, you believe that security and compliance are enablers of innovation, and you lead by fostering a culture that supports both speed and safety.