Sr. Director, Cybersecurity

Bugcrowd-posted 3 months ago
$204,800 - $256,000/Yr
Full-time • Senior
251-500 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

We specifically seek a hands-on, technical security leader. You bring experience building security monitoring, reference architectures, deploying tools, integrating platforms, assessing modern cloud-native applications and infrastructure - and leading teams executing that mission successfully. You lead with an open mind, a can-do attitude, seek truth and alignment over winning arguments, and see incident response as an opportunity to learn, grow, and improve partnership across our global teams.

  • Define the Cyber Security Strategy for Bugcrowd and identify areas of improvements to the threat landscape, internal risk tolerance objectives, and/or compliance objectives.
  • Ensure the technical aspects of vendor acquisitions and tools are safe for Bugcrowd’s use, in unison with the IT and compliance teams.
  • Assess corporate technology systems, determine strategy for changes, enhancement and improvements; recommend and implement the same, from the perspective of cyber security.
  • Carry out and fulfill the cyber security strategy of Bugcrowd, proactively improving the security posture with time.
  • Work with GRC to assist in designing, develop, implement and coordinate areas of policies and procedures for compliance with SOC-2, NIST 800-53v4, ISO27001, ISO27018, and FedRAMP.
  • Represent Bugcrowd in the internal and external audits for SOC-2, ISO27001, and ISO27018.
  • Manage Bugcrowd’s bug bounty program, ensuring that clients have a standard to aspire to, when running their own bounty programs.
  • Analyze new features prior to development or launch, to ensure the security measures in place are sufficient for the project.
  • Manage the access controls for Bugcrowd’s production codebase (GitHub).
  • Approve and analyze authorization requests to production data (AWS, GitHub, Tableau, etc.).
  • Perform regular audits of Bugcrowd’s cloud infrastructure, alongside helping with architecture of any cloud solutions from the security perspective.
  • Manage and audit all vulnerability scans (internal and external) for all of Bugcrowd’s systems (Qualys and Nessus).
  • Proactively test and identify issues within Pull Requests and production to find issues.
  • Automate security tasks to proactively identify and fix security issues within Bugcrowd.
  • Perform configuration management upon all Bugcrowd systems (IT and cloud).
  • Perform code audits on new features, patches, etc.
  • Perform IR for all parts of the business (on-call 24x7) and perform root cause analysis upon the incidents to properly mitigate them in the future.
  • Aid with forming an Incident Response Plan (IRP) based on these incidents.
  • Perform threat intelligence to proactively find issues relating to Bugcrowd’s security posture.
  • Plan implementation of security controls, in unison with the required teams.
  • Monitor the security controls for all of Bugcrowd’s systems and build a team to do the same.
  • Perform malware analysis on any potential malware, should the forensic requirements arise during IR.
  • Coordinating red team engagements against Bugcrowd and implementing security controls to mitigate any issues found.
  • Develop security awareness materials for all roles within the Bugcrowd organisation.
  • Aid the Legal team with GDPR related issues from researchers and programs.
  • Perform table top exercises within the Bugcrowd organization to ensure the organization is prepared for future threats.
  • Aid with business continuity testing, since the internal cybersecurity team plays a major role within the process.
  • Present findings and observations to the ISMS committee.
  • Portray and represent the technical controls and engineering areas within the ISMS committee.
  • Lead and manage a team of internal cybersecurity professionals.
  • Train and grow the security team with objectives that are defined, measured and monitored.
  • Support Security Leadership with delegated responsibilities, as requested.
  • Take a proactive, collaborative and respected leadership role in the Company to galvanize support of a robust, efficient and secure technology organization.
  • Manage a team of hungry and fast growing security professionals with both strong attack and defense skills.
  • Proven work experience leading Cyber Security (penetration testing, red teaming, GRC, IR, secure development, and security architecture) in a startup and growing with the organization.
  • Excellent knowledge of technical security controls, including cloud, web application, infrastructure, IT, and compliance.
  • Experience in data governance, data architecture, data flow and system architecture to optimize the same.
  • Hands-on experience with penetration testing, red teaming, and security patch bypass testing.
  • Ability to work independently and must have strong organizational and communication skills.
  • Detailed knowledge of the following stack: Mac OS, Python, JavaScript, Ruby, Golang, Java, Kotlin, Postgres, GSuite, Cisco Umbrella, Netskope, Crowdstrike, GitHub, AWS, Heroku, Cloudflare, DataDog, JAMF, etc.
  • Familiarity with Jira is a plus.
  • Experience related to and assistance with ISO27001, ISO27018, NIST 800-53v4, and SOC2 audits is compulsory.
  • Degree in Computer Science, cyber security, MIS or equivalent experience desirable but not required.
  • Experience in cyber security with demonstrations of responsibility and technical excellence.
  • Must be eager to work hard, to learn many new skills, solve problems, and integrate tightly with the rest of the team.
  • Willingness to support a global organization with limited staff via off hours activity while maintaining a healthy work-life balance.
  • Familiarity with Jira.
  • Remote work-from-home 100% of the time.
  • Discretionary bonus program or commission plan.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service