This job has expired, please see additional jobs below
Director, Product Security
Internet Industry Company
San Francisco, CA, United States
Job Details - this job has expired, please see similar jobs below
Trust is the #1 company value at Company. Security is a key element of Trust. Our Product Security team ensures the security of our products and serves as subject matter experts for our R&D teams and AppExchange partners to protect our customers' data in today's rapidly evolving threat landscape. We are a team of curious minds that specialize in security research, penetration testing, and innovative tool development. We evaluate a broad range of technologies including complex web applications, distributed processing, virtualized environments and isolation of untrusted code.
You will lead, expand and develop a team of high caliber, top performing application security engineers that are focused on our client facing PaaS and SaaS environments. Your passion for security, ability to connect with and inspire your team, and in depth knowledge of application security will ensure that you deliver high impact results.
We offer great work life balance, leadership development and training, and opportunities to grow and develop as a security engineer as you work with one of the largest cloud security engineering organizations in the world.
Responsibilities:
• Manage, develop and inspire a team of application security engineers
• Ensure that the work loads are distributed and managed effectively for maximum business impact
• Delivering and executing a compelling security strategy across your team's portfolio of Application Security properties
• Partner with security executives and engineers across the organization to deliver broadly impactful security initiatives
• Contribute to long range plans that clearly demonstrate customer value and exceed customer expectations
• Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees
• Maintain strong knowledge of ongoing security threats, remediations and operational best practices
• Guide the technology organization's security and privacy initiatives by leading design reviews and threat modeling sessions
• Perform cutting-edge applied research on new attacks and present new findings to both internal and external audiences
• Perform black-box penetration testing and code reviews of our flagship services, product offerings and partners' apps.
• Participate in our incident response and vulnerability remediation efforts
• Evaluate application security tools for internal consumption. Prototype new automation and tooling to improve our detection and prevention capabilities.
Requirements:
• Prior experience managing a minimum of 5 people to include performance
• Prior experience recruiting application security engineers
• Past proven ability to deliver high impact results for application security and secure development
• Demonstrated success and influence in the Product Security space
• Experience defining security policy, technology requirements, and control objectives
• Demonstrated experience creating effective security strategies
• Strong influencing, communication and general interpersonal skills
• Driven customer advocate
• Expert knowledge of secure infrastructure architectures, application architectures, encryption and broader security technologies
• Knowledge of a broad range of attack vectors, exploits and mitigations
• B.S. / M.S. in Computer Science, Electrical Engineering or related experience.
• Demonstrated ability to write clear and comprehensive technical security content.
• 4+ years of successful security leadership at a cloud company
• 9+ years of continuous experience in Product Security work
• In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
• Relevant experience in several of these languages: Java, JavaScript / NodeJS, Ruby, .NET, C / Objective C, PHP, Python.
• Solid knowledge of the browser security model, crypto, and network security.
• Attacker mindset: Passion for breaking all the things unbreakable.
Bonus Points:
• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Familiarity with security tools such as static analysis, runtime analysis.
• Experience in Linux OS or AWS security role
• In-depth experience identifying and mitigating security vulnerabilities in applications and operating systems
Company, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. We are the fastest growing of the top 10 enterprise software companies, the World's Most Innovative Company according to Forbes, and one of Fortune's 100 Best Companies to Work For six years running. The growth, innovation, and Aloha spirit of Company are driven by our incredible employees who thrive on delivering success for our customers while also finding time to give back through our 1/1/1 model, which leverages 1% of our time, equity, and product to improve communities around the world. Company is a team sport, and we play to win. Join us!