Lead Security Engineer

About The Position

Requirements

• 6-8 years of experience in a Security Engineering role with proven experience in DevSecOps, Cloud Security, and Application Security.
• Strong independent critical thinking, problem-solving skills, and the ability to consistently evaluate and pivot based on the current organizational priorities.
• Experience using vulnerability scanning technologies, AST platforms, and cloud security tooling.
• Formal experience with threat modeling.
• Experience leading projects, initiatives, and resources through direct and indirect leadership.
• Deep knowledge of Assessing and prioritization of Risk with an ability to think like a bad actor and use that context to conduct threat models.
• Cloud experience (AWS, Azure, GCP)
• Infrastructure as Code (IaC) and Policy as Code (PaC) Concepts.
• Proven communication, collaboration, and critical thinking skills.
• Ability to build trusting, meaningful relationships with peers, stakeholders, partners and suppliers.
• Ability to define and communicate risk in a business-relevant language to both non-technical and technical audiences.
• Ability to apply expert knowledge to solve complex business/technical issues strategically.
• Desire for life-long learning and continuous personal/professional development

Nice To Haves

• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53.
• Ability to automate tasks and code solutions to repetitive problems.
• Scripting or programming experience (Java, .NET, HTML, Ruby, PHP, Perl, C#, Python, JavaScript, PowerShell, Bash)
• Experience with penetration testing and web application assessment.

Responsibilities

• Collaborate with business stakeholders to design secure applications, test applications for security weakness, and partner on remediation of identified issues.
• Mentor engineers and security champions on practical threat modeling techniques
• Triage and prioritize security risks, vulnerabilities, and exceptions in alignment with business impact and risk tolerance.
• Coordinate the orchestration, automation, and management of security technologies and platforms.
• Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance.
• Create reasonable and actionable reports showing direct impact to the security posture.
• Define and implement meaningful metrics to measure the effectiveness of security controls through KRIs and security scorecards.
• Serve as a subject-matter-expert for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with Partners and stakeholders.
• Evaluate business and technical requirements to identify and implement tools, processes, and technologies to improve our security posture in our environments.
• Use data to drive prioritization, highlight systemic issues, and influence roadmap decisions

Benefits

• Competitive compensation.
• Limitless growth and learning opportunities.
• Ongoing mentorship and apprenticeship; Leadership courses, development programs, technical courses, certification opportunities and more!
• A collaborative and positive culture - join a diverse team of professionals that are as smart and driven as you.
• A chance to make an impact – your work will contribute directly to our strategy.
• Enjoy the flexibility of working from home and the energy of collaborating with peers in our dynamic offices.
• 20+ PTO days plus holidays and floating holidays in your first year.
• Extensive medical, dental insurance and vision plan.
• 401K with corporate match, immediate vesting.
• Health-and-wellness-related allowance programs.
• Parental leave.
• Tuition reimbursement.
• Employee Stock Purchase Plan.
• Employee Assistance Program.
• Gartner Gives Charity Match.
• And much more!