We are looking for someone to help collaborate across our network of Security Champions within Engineering, as well as with our SRE, Pipeline, Cloud and Ops teams for our SaaS and Hosted solutions, as well as our On Premise products.
Your role will help teams deliver threat models, drive security best practices, and advise on the latest security threats, trends and remediations.
You will integrate with our internal pen testing and red teaming activities, where experience in such fields, including bug bounty programs will be useful.
This is a role with many opportunities for growth and specialization.
Responsibilities and Duties:
- Drive key internal security programs across our portfolio of products.
- Consult on security best practices across our Engineering, Cloud, SRE, DevOps and Product management groups to achieve end to end security for our products.
- Lead creation of product threat models and risk assessments.
- Aid with the automating of security testing to ensure common compliance with internal standards.
- Review and advise on security tooling usage and configuration across the product lifecycle.
- Conduct trend analysis on results from security tools such as SCA, SAST, DAST, CSPM and Container Runtime Security tools, to provide unified solutions and guidance.
- Research and review the latest security tools and techniques to deliver security and business value.
- Assist our penetration testing team with reconnaissance and guidance towards potential application weaknesses to focus testing efforts.
- Develop internal security standards and policies.
- Develop and promote internal security training.
- Maintain awareness of the latest security trends and zero-day findings.
Requirements and Qualifications:
- 4/6 years minimum of Security Experience Required.
- Proven leadership skills that demonstrate your ability to deliver results across an organization.
- Proven experience of working across a wide range of application security programs and tools including SCA, SAST, DAST and beyond.
- Experience of security testing web and non-web applications.
- Proven understanding of application architectures, designs, and the tech stacks involved.
- Cloud based security knowledge and the related attack vectors (AWS preferred, Azure / GCP of value).
- Kubernetes related security and attack vectors (or other container-based deployments) useful.
- Experience of DevSecOps and the common vulnerabilities / weaknesses within the software delivery pipeline.
- Experience with scripting and automation (Python, Bash, PowerShell, workflow engines or other automation systems)
- Awareness of OWASP, SANS and MITRE ATT&CK frameworks.
- Demonstrated ability to mentor others.
- Demonstrated excellence in English communication skills in a stakeholder facing environment.
- Experience working within an agile scrum team desirable.
- Must be self-directed, resilient, and creative.
- Knowledge of FedRAMP requirements and processes advantageous.
- Software Engineering background useful.
- CISSP, CSSLP and other similar certifications beneficial.
- Full agile scrum working experience a benefit.
