Security and Privacy is our business. Every day, our services and products help thousands of consumers and businesses around the globe achieve security and privacy from online threats. If you are a highly motivated, hard-working, intelligent, and passionate individual, then we have a role for you!
As a member of Information Security team, you’ll report to the Head of Engineering / CTO.
This position will be a part of the Information Security team responsible for establishing a unified enterprise security architecture to secure information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of customers and employees. The candidate will have the opportunity to directly drive and contribute with projects associated across all types including: Infrastructure, Applications, and VPN Gateways.
- Working with all stakeholders to implement cloud security architectures and best practices by determining security requirements and proposing solutions that balance business requirements with information and cyber security requirements.
- Accountable for designing a comprehensive security and privacy framework, policies and technologies to ensure Data Loss Prevention across heterogeneous devices and platform while maintaining lowest cost structure.
- Accountable for ensuring best security hygiene, practices and privacy-by-design systems such as Cloud document & collaboration suite and IAA systems
- Hands on with SIEM and associated systems, to ensure proactive defense against our global public facing infrastructure.
- Hands on with Next Gen Firewall and associated systems.
- Assisting in guiding, prioritizing, and measuring our efforts in achieving and maintaining onsite and cloud security.
- Performing internal cloud services security reviews and recommending changes or enhancements for identified security design gaps in existing and proposed architectures.
- Aligning security standards, frameworks and policies with overall business and technology strategy. Driving organization towards certifications such as ISO 27001/ others
- Designing and building prototype security solutions, including security specific test cases.
- Performing and facilitating security reviews and threat modeling exercises, identifying attack vectors that may be used to exploit cloud services and working collaboratively to remediate.
- Drive on-going security testing for vulnerabilities utilizing both automated and manual testing tools.
- Identifying and communicating current and emerging onsite and cloud security threats, including specifying requirements and controls to mitigate threats as they emerge.
- Assisting with security reviews of third party vendors and services providers when needed.
- Assisting with Incident Response as required and contributing to GDPR breach notification efforts.
- Working cross company to identify and implement GDPR requirements, related to cloud services offerings
- Excellent communication and leadership skills
YOU MUST HAVE:
- 2+ years Technical leadership experience in the software security field including customer interfacing
- Minimum 6+ years familiarity with Cloud-based applications, server based software, mobile applications and embedded software
- Minimum 5+ years with incorporating cyber security into software development processes and programs
- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
- Master's degree in Computer Science or Cybersecurity
- Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP
- Background in systems engineering
- Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
- Understanding of security by design principles and architecture level security concepts