Product Security Lead - Join a fast-growing Software Platform, leading on Application Security.
Summary
You will be responsible for leading on the global security strategy, working with security champions across the organisation to lead a cross-team security group formed of Software Engineers, SREs and Product Managers. This is their first hire into this leadership position, so you will have a key role in securing their ever-scaling multi-tenant cloud environment. This may be well suited to a strongly technical Application Security Engineer looking to step up. It is a standalone role for now, but you will have headcount to hire as the team grows.
More about the role...
Ideally you will have...
- Be a key member of the architecture forum, ensuring new components are designed with security best practices
- Own initiatives aimed at implementing and automating security controls, reducing risk, establishing a security-first culture, adopting a secure code development practice, contributing to our compliance & regulatory posture, and providing technical leadership for security
- Keep track of product vulnerabilities in the backlog and control vulnerability mitigation SLAs
- Drive application security best practice across the engineering teams - DevSecOps
- Work closely with Software Engineers and SREs to make sure products are secure throughout the development lifecycle
- Lead or respond to security investigations as necessary, which may include an on-call follow-the-sun model
- Conduct Product Security training and workshops
- Engage with customers and partners and communicate their feedback to relevant parts of the organization
- Transform security from siloed practices to everyone's responsibility by integrating security activities into development routines and processes
You may have
- Outstanding interpersonal skills, and ability to build strong relationships across a dynamic, growing team
- A good understanding of business needs and objectives
- Ability to drive change and take initiative in a self-sufficient way
- Ability to educate and explain complex concepts with simple words
- Knowledge and proven experience within information security, application security (OWASP), cloud security, and secure continuous delivery
- A deep technical background in large-scale multi-tenant & container-based cloud environments
- Understanding of Agile development and systems thinking
- Comfortable with large codebases that are using multiple languages and infrastructure as code
- Experienced in defining a strategy to follow and adopting that strategy across large multi-role teams
- Can provide pragmatic technical leadership for a group of fast-moving engineers
- You are comfortable delving into code when needed, reviewing pull requests and staying close to the team's work
- Ego-free attitude - we are here for the success of the team and the company
- Worked to achieve and maintain compliance for Cloud Environments such as SOC2
- Implemented or designed security controls for cloud & containerised environments
- Made contributions to codebases that were adopted or promoted to a production environment
- Played a critical leadership role in security organisations within SaaS or software companies
Salary goes up to £130,000, plus stocks.
Laptop, phone and equipment provided. Many more benefits, including a 30 day Global Pass where you can work from anywhere in the world.
Hybrid role, 1-2 days in the London base, but we will consider fully-remote too!
Please apply as soon as possible as we're looking to arrange interviews from this week, firstname.lastname@example.org