Product Security Lead

Product Security Lead page is loaded## Product Security Lead locations:
Dallas-Fort Worth Metroplextime type:
Full time posted on:
Posted Todayjob requisition :
JR110041
** Aven Hospitality
** is an innovative technology provider powered by
** Syn Xis,
** the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition.

With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more. Providing hoteliers the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction.

Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections.

We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next..## Product Security Lead The
** Product Security Lead
** will own the security of the organization's products and supporting corporate functions and technology throughout the entire lifecycle, from ideation to decommissioning. This role works with the development, IT, and Aven Hospitality business operations teams to drive the Secure Software Development Lifecycle (SSDLC), ensures secure-by-design principles, manages supply chain risks, and addresses emerging threats like AI vulnerabilities and software bill of materials (SBOM) requirements, balancing security with velocity and innovation.  

This role will act as a subject matter expert (SME) and liaison between cybersecurity and the business team in the implementation of enterprise information security policies, standards, and frameworks.
*
* Qualifications:

*** Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or a related field (Master's preferred)
* 7+ years of experience in cybersecurity, with at least 4 years focused on product security, application security, or secure development programs
* Proven track record implementing SSDLC in agile/Dev Ops environments, including threat modeling (e.g., STRIDE) and tool integration
* Strong knowledge of web, mobile, cloud-native, and API security, plus supply chain risks (e.g., SBOMs, SLSA)
* Excellent leadership and communication skills to influence product roadmaps and educate cross-functional teams
* Aptitude for understanding internal organizational environments and products and their relationship to the external business environment
* Ability to develop a full and deep understanding of the Aven Hospitality business operations and product suite
* Able to effectively analyze risk within the context of business problems
** Preferred Skills and Certifications
*** Certifications such as CISSP, CSSLP, OSCP, CASE, or relevant App Sec/Dev Sec Ops  credentials are highly desirable
* Experience with identifying AI security risks
* Familiarity with AI governance in products, software supply chain hardening, and automated vulnerability management
** Responsibilities:
*** Serve as an initial point of contact and liaison between the Cybersecurity team and other Aven Hospitality business departments for security related topics (non-incidents)
* Partner with product, commercial, and development teams to get strategic security projects prioritized and committed on the development roadmap
* Participate in cybersecurity compliance work and risk and security assessments
* Lead the implementation and maturation of the Secure Software Development Lifecycle (SSDLC/SDL), integrating security activities such as threat modeling, secure coding standards, SAST/DAST/SCA scanning, and penetration testing into Dev Sec Ops  pipelines
* Partner with GRC and SOC teams for product security risk assessments, vulnerability management, and incident response for product-related vulnerabilities
* Coordinate software supply chain security, including SBOM generation, third-party component risk…