Staff Product Manager, Security Configuration Management

About the Role: 

Dragos is seeking a staff-level Product Manager to join the Product team building OT/ICS cybersecurity products, with a focus on security configuration management across extended operational technology (xOT) environments, which span traditional OT and ICS control systems, industrial IoT devices, and the enterprise-connected IT infrastructure that supports and influences physical operations. You will work closely with the product team, leadership, internal stakeholders, and customers to drive an effective product roadmap using product discovery, customer requests, internal requirements, use case validation, prioritization, definition, and execution for assigned products. 

Responsibilities 

• Own and evolve the product vision and strategy for Security Configuration Management (SCM) within the Dragos Platform, focused on securing the full xOT environment, spanning traditional OT/ICS control systems, industrial IoT devices, and the IT assets that influence operational outcomes. 

• Translate customer needs, compliance mandates, and market trends into a clear quarter-over-quarter SCM roadmap. 

• Drive the development and management of core SCM capabilities, including configuration hardening and remediation, continuous drift detection, and compliance reporting across the full xOT environment. 

• Define and evolve the configuration policy engine, including logic for evaluating device configurations against security baselines and industry frameworks such as IEC 62443, CIS Benchmarks, NIST SP 800-82, NIS2, and NERC CIP, along with the compliance reporting workflows that support customer audit readiness. 

• Partner with asset intelligence and data collection teams to ensure the SCM product has accurate device profiles, firmware intelligence, and vulnerability context required for high-fidelity configuration assessments. 

• Define requirements for device data normalization, configuration baseline management, and enrichment pipelines that ensure consistent and accurate drift detection and policy evaluation across diverse device types and manufacturers. 

• Engage directly with customers and customer-facing teams to discover and validate use cases, gather feedback, and iterate on product direction. 

• Develop a deep understanding of xOT device security posture, hardening methodologies, and the threat landscape associated with device misconfigurations, default credentials, unpatched firmware, and unmanaged device risk. 

• Represent Dragos’s perspective on security configuration management capabilities, device hardening best practices, and compliance readiness to customers, analysts, and industry groups. 

• Collaborate with internal stakeholders to identify business opportunities, clearly communicating solutions, costs, and business case justifications. 

• Make decisions regarding prioritization, trade-offs in features, timelines, resources, and quality, ensuring alignment with business goals. 

• Communicate product requirements with a clear business rationale to Engineering teams. 

• Independently measure, track, and develop plans to improve product KPIs. 

• Support Sales with product insights for POCs, competitive positioning within the xOT security market, and technical guidance that connects SCM capabilities to customers' compliance, resilience, and operational continuity requirements. 

• Play a key role in shaping the go-to-market strategy for SCM, positioning the product within Dragos's broader xOT security architecture and developing compelling narratives that connect configuration management to operational resilience and compliance outcomes for customers. 

Qualifications 

• 8+ years of Product Management experience building or maintaining enterprise security products in cybersecurity, device security, configuration management, endpoint security, or adjacent security domains. 

• Strong understanding of security configuration management concepts, including device hardening methodologies, configuration baseline and drift management, automated remediation workflows, and the policy evaluation approaches that enable organizations to enforce and maintain secure device configurations at scale across diverse device types. 

• Experience with active device profiling and discovery methods, including protocol-level fingerprinting, agentless assessment approaches, and the data collection techniques needed to accurately characterize diverse xOT device types across industrial and enterprise-connected environments, without disrupting operations. 

• Understanding of how configuration policy engines evaluate device state against security frameworks, how policy violations and drift events are prioritized and surfaced for operator action, and how remediation evidence is captured to support compliance reporting against frameworks such as IEC 62443, NERC CIP, NIS2, and NIST SP 800-82. 

• Exceptional analytical skills with the ability to extract valuable insights from complex data. 

• Technical fluency with APIs, data models, asset graphs, and backend workflows to effectively partner with Engineering. 

Compensation: 

• Salary:  200,000.00

• Competitive Equity Package  

• Comprehensive Benefits Plan 

#LI-JF1 #LI-REMOTE