Things you're good at
- Ownership: Dive in and take ownership of activities like code security reviews, threat modeling, static and dynamic security testing, and conducting security training for developers.
- Architecture: Provide application security guidance and oversight across Engineering and Product teams.
- Organization: Work across various layers of our company in an inspired, efficient way. Provide hands-on remediation guidance to teams across the organization.
- Prioritization: Prioritize initiatives to demonstrate alignment with our business strategy and value propositions. Communicate priorities and drive consensus on the path forward. Identify, prioritize, and promote security practices that create the most impact in reducing the overall security risk of our applications.
- Collaboration: We bring out the best in each other. We're looking for people who will bring out the best in all of us. This role should seek to influence the design and implementation of upcoming products and services with security and privacy design in mind.
- Automate security testing to improve our SDLC workflow
- Help write secure applications and services through design, development, and implementation of secure software development practices
- Security code reviews to ensure the protection of customer information
- Collaborate and advise engineering teams on building authentication, authorization, and encryption solutions
- Support of security enhancement and development
- Evaluate our infrastructure for risks and security vulnerabilities
- Perform vulnerability testing, risk analysis, and security assessments
- Ensure that identified issues are prioritized and addressed in an appropriate time frame
- Develop and report metrics measuring the state of the security program
- Research emerging technologies and maintain awareness of current security risks
- Help to develop security training and education for our software engineers
- Minimum 5 years of experience in the information security field
- BS in Software Engineering or related field
- In-depth knowledge of mobile, backend and web application vulnerabilities and ability to articulate impacts to technical and business teams
- Experience with performing threat modeling and designing secure mobile application architecture
- Working knowledge of OWASP projects
- Proficiency in Python
- Experience with creating and supporting a Secure Software Development Lifecycle (SSDLC)
- Experience with dynamic and static web application testing tools
- Strong knowledge of securing cloud infrastructure (i.e., AWS, GCP)