We seek a highly proficient and driven Security Leader to take charge of designing, implementing, maintaining, and advancing security solutions within a dynamic high-growth startup environment. Under the guidance of the Director of Platform & Security, you will serve as a hands-on leader within the organization, safeguarding our systems' security and integrity in the face of a continually evolving security landscape. Your role entails a deep passion for staying at the forefront of security engineering practices and methodologies to meet business needs, constantly exploring innovative techniques, tools, and solutions to elevate our security posture.
**The Excitement of this Role:**
- Thriving in a fast-paced environment where organizational requirements are ever-evolving, offering opportunities for learning, growth, and tackling challenges posed by shifts in the security threat landscape.
- Elevating and maturing business capabilities in cybersecurity, zero-trust engineering practices, identity and key management, encryption methodologies, secure engineering practices, and system/application designs, among others.
- Identifying short and long-term security imperatives to shape the company's information security strategy.
- Collaborating with engineers, product teams, leaders, and specialists to execute and steer a security strategic plan and vision for the business and our products.
- Crafting solution frameworks and strategies that adapt to the evolving needs of the business, products, and our customers, thereby fortifying and advancing our security stance.
- Leading or actively participating in projects related to risk management, compliance, business policies, vulnerability management, security project management, and knowledge management.
- Owning and addressing direct and indirect issues that influence the overall security posture within the organization.
- Working closely with cross-functional teams (backend, frontend, product, site reliability, platform) to establish, implement, and oversee security processes and best practices.
- Collaborating on the procurement and execution of external penetration tests, as well as driving the resolution of identified issues.
- Engaging in incident response activities, including containment, investigation, and the prevention of future information security incidents.
- Staying informed about current and emerging security threats and providing insights to design security capabilities for risk mitigation.
- Analyzing business projects and roadmaps, identifying security dependencies and risks, and contributing to the design of solutions to mitigate those risks.
- Testing and auditing information security controls across enterprise, cloud, and product environments.
**About You:**
- You possess seasoned expertise in cybersecurity or related domains. While CISM, CCSK, and CISSP certifications are advantageous, they are not mandatory.
- Demonstrated proficiency in application security, risk management, authentication systems, system security testing, and fortification, as well as cloud security.
- A background in core system engineering skills spanning hardware, software, and networking technologies, coupled with analytical and troubleshooting abilities.
- Experience within the SaaS industry and familiarity with technologies commonly employed by leading cloud providers.
- You excel in collaborative environments, actively contributing positive energy to the team and ensuring effective communication.
- A solid grasp of national and regional information security standards, frameworks, and guidelines (e.g., NIST, SOC, ISO, GDPR, BDSG, etc.).
- Comfort in engaging with senior leaders, engineers, product teams, and, when necessary, customers, discussing the current state of our security architecture, best practices, and strategic initiatives.
- Familiarity with security automation platforms, secure coding practices, and open-source software.
- Comfort with programming languages, libraries, frameworks, and associated security controls and practices, or a commitment to maintaining this knowledge.
- A passionate commitment to our mission of closing pay gaps and fostering fairness in the workplace.
**Role Progression:**
- In the initial month, you'll acclimate to our existing practices and system architecture, interact with engineering teams, and become enthusiastic about the prospects ahead.
- By the third month, you'll actively engage in system architecture, tooling, and strategy discussions, possessing a solid foundational understanding of our system architecture and actively participating in team assignments.
- At the six-month mark, you'll take the lead in ensuring team security through internal audits, educational sessions, and informative engagements with various teams.
- Within a year, you'll celebrate the automation of a significant portion of our security tooling while strategizing for further growth and expansion.
**Interview Overview:**
Our Senior Manager, Cybersecurity position's interview process includes:
1. A 30-minute interview with a member of our Talent Team.
2. A 30-minute Zoom interview with the Hiring Manager.
3. Four video interviews with several team members (Director, Compliance, Manager, Principal), totaling 3 hours.
4. A final interview with the CTO, lasting 30 minutes.