Vacancy expired!
Title: Security ManagerLocation: Santa Clara, CA / Onsite as needed.Duration: Contract / C2H
The role includes Identifying vulnerabilities and threats and addressing systemic risk Helping improve the company's Secure Development Lifecycle Performing security code and architecture reviews Running threat modeling and adversarial viewpoint exercises Performing internal pen-tests and managing third-party pen-tests Leading Engineering for Security and Privacy by Design initiatives Building tools and automation to identify, classify, and manage security issues Being a technical leader and mentor to the Engineering, Product, and Security teams Collaborating with Engineering, IT, Global Support, Sales, Marketing, and others Leading blameless post-mortem and risk reduction exercises Leading product security outreach, training, and awareness developmentQualifications: Have a broad understanding of general software development practices, the associated risks, and the components of a modern product security program Work proactively or with limited guidance on tasks or work Collaborate well with teammates across functions including the ability to enable those teammates via formal and informal training and mentoring Code comprehension in two or more languages (e.g. C is a must, Python, Java, etc.) Understanding of common security flaws and how to prevent them (e.g. OWASP, CSC, etc.) Understanding of vulnerability classification and scoring (e.g. CVSS, CWE, etc.) Have opinions on and demonstrated experience with hardening of servers and appliances based on Linux Development experience in automated analysis testing Knowledge of crypto, especially TLS, x509, and SSH Hands-on experience with DevOps (CI/CD) process and technologies Knowledge of techniques for targeting a hardware attack surface, and methods for mitigating those attacks Experience with running or participating in bug bounty and responsible disclosure programs (esp. aligned with ISO29147 - Vulnerability disclosure) - MUST Understanding of common product security standards (e.g. Common Criteria, FIPS 140, FedRAMP (Federal Risk and Authorization Management Program), SOC2, etc.) / SOC2: compliance checklist Experience with threat modeling (e.g. STRIDE, DREAD, etc.) Securing cloud infrastructure (e.g. AWS, Azure, Google Cloud Platform) ARB experience? (architecture review board)? Scripting and automation of security tooling for agility and effectiveness We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.Vacancy expired!