Senior Staff Operations Engineer, Product Security

Requirements

• Demonstrated understanding of application security tooling and testing including, SAST, DAST, SCA, etc., as well as cross-functional awareness of security operations including SOC, Incident Response, Privacy, Legal, Vulnerability Management, and Data Protection.\n
• Familiar with OWASP projects and implementation within the product security organization such as, Web Top Ten, API Top Ten, Mobile Top Ten and ASVS.\n
• Knowledge of data access languages such as SQL and GraphQL and the ability to construct queries against data sources.\n
• Extensive experience in engineering and solution delivery in a dynamic service provider environment.\n
• Strong knowledge of project management methodologies and best practices.\n
• Proven track record of successfully managing large/complex projects across cross-functional teams, building processes and coordinating delivery\n
• Working knowledge of security services and their impact on production systems including runtime protection services, detective and protective agents and/or daemon sets, vulnerability and application scanning, etc..\n
• Experience in a multi-cloud environment including AWS, Azure, and/or Google Cloud.\n
• Experience communicating and presenting to senior and junior staff with the ability to influence development partners and stakeholders.\n
• Detail and deadline oriented with effective organizational and analytic skills\n
• Strong critical thinking, problem solving, decision making, and analytical skills\n
• Outstanding time management skills and attention to detail\n
• Excellent verbal/written communication skills, including the ability to clearly document findings, proposals, issues, and status\n
• Experience with continuous delivery\n
• Self-motivated and able to work independently while coordinating activities with cross-divisional teams\n
• Effective leadership qualities, ability to influence without direct management authority\n
• Ability to excel in a fast-paced, startup-like environment.\n
• Knowledge of industry-standard security control frameworks including NIST, PCI, SOX, NYDFS.\n
• Preferred Qualifications: Knowledge in a hybrid cloud environment such including Containerization, VMs, CI/CD pipeline, IaC\n
• Experience defining KPI’s/SLA’s used to drive multi-million-dollar businesses and reporting to senior leadership .\n
• Experience 8+ years in engineering focused role, preferably in the tech industry\n
• 4+ years of experience with AWS, GCP, Azure, or other cloud providers\n
• 4+ years in a senior role influencing company direction\n
• Experience applying engineering to meet or exceed third party attestation requirements (PCI, SOX, …).\n
• Education Bachelor’s degree in Computer Science, Cyber Security, or equivalent education with work experience Third party certifications on engineering related technologies.