This position is 100% remote and Direct Hire.
No C2C & No applicants that require sponsorship now or in the future.
As a member of the Information Security team, you will collaborate with Platform Engineering and Software Development team members to plan and implement various security initiatives. The team will look to you for your strategic expertise, reliable execution, and sound judgment to improve and maintain our security infrastructure, along with creating and improving processes for maintaining a secure product and environment.
As our sought-after security professional, you will have the opportunity to contribute to strategic planning, make impactful recommendations, and implement improvements to our security posture. Your role is not just about executing security initiatives, but also about shaping our security strategy. You will collaborate with application developers to enhance the security of various product features, design and implement security controls, and respond promptly to security breaches. Your ability to monitor and analyze security events, integrate security best practices throughout the software development lifecycle, and develop strategies to mitigate vulnerabilities will be key to our success. Additionally, you will proactively train developers and raise security awareness within the organization, respond quickly to security threats, assess and report on threat levels, and assist in maintaining compliance with relevant industry standards.
The ideal candidate will have over five years of relevant experience and a strong understanding of security best practices for building web applications. They should know cryptography, authentication, authorization, secrets management, data security, web technologies, and cloud security. Hands-on experience with security testing tools such as Burp Suite and OWASP ZAP, as well as experience with secure coding practices and security frameworks like OWASP, NIST, and CIS, is essential. The candidate should have experience building, supporting, and securing cloud-based web infrastructure using AWS and/or Azure. A solid understanding of software engineering, deployments (CI/CD pipelines, SCM), and the ability to conduct security assessments of applications is required. They should possess a deep understanding of web application infrastructure, particularly .NET and JavaScript, and have experience in DevSecOps with a tech stack that includes Git, Docker, Windows, Linux, Datadog, SIEM, AWS Security products, Lambda, PowerShell, and Terraform.
Here are four significant points the Director of Information Technology would like to see in the ideal candidate:
- Must have a general security mindset, be deeply knowledgeable, and have experience in being responsible for AppSec and cloud security.
- We need someone who can guide developers and help them understand and prioritize when, where, and how different security elements enter the SDLC.
- You can monitor security adoption and adherence in development.
- You must understand how to secure IaaC and CICD.