Define the Cyber Security Strategy for Bugcrowd and identify areas for improvement based on the threat landscape, internal risk tolerance objectives, and/or compliance objectives
Ensure, together with the IT and compliance teams, that the technical aspects of vendor acquisitions and tools are safe for Bugcrowd’s use
Assess corporate technology systems from a cyber security perspective, determine a strategy for changes, enhancements and improvements, and recommend and implement them
Execute Bugcrowd’s cyber security strategy, proactively improving the security posture over time
Work with GRC to design, develop, implement and coordinate policies and procedures for compliance with SOC 2, NIST 800-53 Rev. 4, ISO 27001, ISO 27018, and FedRAMP
Manage Bugcrowd’s bug bounty program, ensuring that clients have a standard to aspire to when running their own bounty programs
Review new features before development or launch to ensure the security measures in place are sufficient for the project
Perform incident response for all parts of the business (on-call 24x7) and conduct root cause analysis on incidents so they can be properly mitigated in the future
Requirements
Proven work experience leading Cyber Security (penetration testing, red teaming, GRC, IR, secure development, and security architecture) in a startup
Excellent knowledge of technical security controls across cloud, web application, infrastructure, IT, and compliance domains
Experience in data governance, data architecture, data flow and system architecture, and in optimizing them
Hands-on experience with penetration testing, red teaming, and security patch bypass testing
Ability to work independently and must have strong organizational and communication skills
Systems / Software (detailed knowledge of the following stack): Mac OS, Python, JavaScript, Ruby, Golang, Java, Kotlin, Postgres, GSuite, Cisco Umbrella, Netskope, Crowdstrike, GitHub, AWS, Heroku, Cloudflare, DataDog, JAMF
Familiarity with Jira is a plus
Experience with, and having assisted in, ISO 27001, ISO 27018, NIST 800-53 Rev. 4, and SOC 2 audits is required
A degree in computer science, cyber security, MIS, or equivalent experience is desirable but not required
A track record in cyber security demonstrating responsibility and technical excellence
Must be eager to work hard, to learn many new skills, solve problems, and integrate tightly with the rest of the team
Willingness to support a global organization with limited staff via off hours activity while maintaining a healthy work-life balance
Benefits
Discretionary bonus program
Commission plan