Application Security Lead

Product Security Lead - Join a fast-growing Software Platform, leading on Application Security.

Summary

You will be responsible for leading on the global security strategy, working with security champions across the organisation to lead a cross-team security group formed of Software Engineers, SREs and Product Managers. This is their first hire into this leadership position, so you will have a key role in securing their ever scaling multi-tenant cloud environment. This may be well suited to a strongly technical Application Security Engineer looking to step up, standalone role for now but you will have headcount to hire as the team grows.

More about the role...

• Be a key member of the architecture forum, ensuring new components are designed with security best practices
• Own initiatives aimed at implementing and automating security controls, reducing risk, establishing a security-first culture, adopting a secure code development practice, contributing to our compliance & regulatory posture, and providing technical leadership for security
• Keep track of product vulnerabilities in the backlog and control vulnerability mitigation SLAs
• Drive application security best practice across the engineering teams - DevSecOps
• Work closely with Software Engineers and SRE's to make sure products are secure throughout the development lifecycle
• Lead or respond to security investigations as necessary, which may include an on-call follow the sun model
• Conduct Product Security training and workshops
• Engage with customers and partners and communicate their feedback to relevant parts of the organization
• Transform security from siloed practices to everyone's responsibility by integrating security activities into development routines and processes

Ideally you will have...

• Outstanding interpersonal skills, and ability to build strong relationships across a dynamic, growing team
• A good understanding of business needs and objectives
• Ability to drive change and take initiative in a self sufficient way
• Ability to educate and explain complex concepts with simple words
• You have knowledge and proven experience within Information security,
• Application security (OWASP), Cloud security, and secure continuous delivery
• A deep technical background in large-scale multi-tenant & container based cloud environments
• Understanding of Agile development and systems thinking
• Comfortable with large codebases that are using multiple languages and infrastructure as code
• Experienced in defining a strategy to follow and adopting that strategy across large multi-role teams
• Can provide pragmatic technical leadership for a group of fast moving engineers
• You are comfortable delving into code when needed, review pull requests and stay close to the team's work
• Ego-free attitude - we are here for the success of the team and the company

You may have

• Worked to achieve and maintain compliance for Cloud Environments such as SOC2
• Implemented or designed security controls for cloud & containerised environments
• Made contributions to codebases that were adopted or promoted to a production environment
• Played a critical leadership role in security organisations within SaaS or software companies

Salary goes up to £130,000, plus stocks.

Laptop, phone and equipment provided. Much more benefits, inc. a 30 day Global Pass where you can work from anywhere in the world.

Hybrid role, 1-2 days in the London base, but we will consider fully-remote too!

Please apply as soon as possible as we're looking to arrange interviews from this week, panashe@weareorbis.com