Manager, Security Engineering (US - Remote) at DISQO
As a Security Manager, you will:
- Establish our Security Engineering team and build a world-class culture that engineers relish being a part of.
- Define and own the Security Engineering OKRs & roadmap and conduct quarterly roadmap reviews. In addition, you should be able to champion and partner with our engineering leaders to set and maintain effective Security SLOs across the org.
- Use a "Product Management" mindset to engage with internal and external stakeholders to align on security vision, strategy and priorities.
- Work closely with our CTO and our product & engineering leadership to set standards around patterns, frameworks, technologies, and processes to promote a simple and consistent approach across multiple types of services.
- Be the champion of our DevSecOps culture and build a strong cross-collaboration between Platform, SRE, Security and Software Engineering teams.
- Act as a model of InfoSec practices, integrity and transparency, evangelizing the use of cryptography, data handling, threat awareness and operational security.
- Leverage your IAM fundamentals and understanding of the identity lifecycle to build and enhance systems that control, limit and continuously audit the integrity of our identity plane.
- Work to build, maintain and continuously enrich the quality of our security telemetry, working to improve our threat data using a combination of off-the-shelf technologies and custom engineering.
- Perform security reviews and threat assessments on an as-needed basis to ensure the upkeep and maintenance of our security posture
- Identify, verify, contain and remediate threats: serve as incident commander for security incidents, ensuring that potential issues are identified, classified, contained and documented in accordance with InfoSec policies.
- Drive detailed RCA in the wake of incidents, with a level of analysis that ensures both a deep understanding of the incident, its content, and the controls and remediation that will prevent it from recurring.
- Role model Servant Leadership, making leadership excellence a continuous priority for your own personal development and that of your teams.
- Embrace, model and champion all of DISQO’s values - adding to the growth of our culture
- Strong work ethic with the ability to understand and exhibit Agile principles and methodology
What you’ll bring:
- 4+ years of building and leading Security teams across multiple time zones. Broad understanding of multiple knowledge domains, including IAM, vulnerability management, threat detection, AppSec, SAST/DAST, IDS/IPS, incident response and orchestration-based automation and response.
- 7 years of progressive experience in a combination of security, software and platform engineering
- 3 years developing security services or tooling with a modern, high-level language, ideally golang
- A background that involves creating a layered security perimeter in the context of cloud and container-based microservices in AWS
- Deep experience with SOC2, CCPA and GDPR is highly desirable
- Experience supporting (or building) a security operations function in startup environments, ideally serving as incident commander for security incidents
- Knowledge of networking fundamentals, including TCP/IP, OSI stack model, L2, L3 and L7 fundamentals and raw packet analysis.
- One industry-recognized security certification (CEH, CISSP, CCSP, CISA) -- or the willingness to secure one within six months
- Servant Leader and Agile DNA