What You’ll Do

• Embed with the product teams and attend regular stand-ups and planning meetings and build positive relationships with key partners
• Serve as the security authority on your product, ensuring the corporate security controls are working as designed, that security requirements are provided to the team before coding begins, and that vulnerabilities are being fixed within their SLAs
• Ensure s-SDLC controls are embedded in your product and serve as control owner for a subset of these controls, mentoring other team members
• Engage in application and domain-specific threat modeling, and attack surface analysis and reduction
• Work alongside engineers, performing peer review and mentoring as needed
• Assist in continuous improvement efforts and serve as a resource for more junior members

What You’ll Bring

• At least 5 years experience in securing enterprise-grade web applications and services with demonstrated expertise in threat modeling and attack surface analysis.
• Solid understanding of common languages such as Ruby, Javascript, Go, etc.
• Strong experience in web application security issues and standards (ex. OWASP Top 10, SANS Top 25, etc.)
• Understanding and experience with securing public cloud deployments, including AWS and/or Azure, and serverless architecture 
• Familiarity with CI/CD tools and processes, such as GitHub, Travis CI, CircleCI, Docker, and Kubernetes
• Strong foundation in core information security principles and concepts (encryption, authentication, etc.)
• Experience with automated application security tools and technologies (SAST, DAST, SCA etc.)
• Excellent communication skills and the ability to explain sophisticated security topics in simple terms