Manager, Security Engineering, Cloud & AppSec

🕒 Maio 19

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Horizon3.ai

SiteLinkedInTodas as Vagas

51 - 200 funcionários

Fundada em 2019

A plataforma NodeZero™ capacita sua organização a continuamente encontrar, corrigir e verificar sua superfície de ataque explorável. Reduza seu risco de segurança ao encontrar autonomamente fraquezas em sua rede, sabendo como priorizá-las e corrigi-las, e verificando imediatamente se suas correções funcionam. O NodeZero oferece pentests autônomos seguros para produção e outras operações de avaliação chave que escalam através de seus maiores ambientes internos, externos, em nuvem e em nuvem híbrida. Sem necessidade de agentes, sem código para escrever e sem consultores para contratar. Somos uma fusão de ex-operadores cibernéticos das Operações Especiais dos EUA, engenheiros de startups e praticantes de cibersegurança anteriormente frustrados. Estamos comprometidos em ajudar a resolver nossos problemas comuns de segurança: ferramentas de segurança ineficazes, falsos positivos resultando em fadiga de alerta, pontos cegos, cultura de segurança "para cumprir tabela", escassez de habilidades em cibersegurança e o longo tempo e custo de contratar consultores externos.

Descrição

• Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers • Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response • Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging • Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector • Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation • Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews • Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy • Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications • Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems • Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments • Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions • Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation • Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK • Create metrics, reporting, and risk narratives that communicate security posture, trends, and priorities to business owners and leadership • Evaluate and recommend new tools, techniques, and controls to improve the security posture of our cloud and application environments

🎯 Requisitos

• Must be proficient in AWS security services, Terraform, GitLab, and modern CI/CD security practices • Must have a deep understanding of AWS security architecture, IAM, cloud posture management, data security principles, and secure SDLC practices • Must have experience leading or closely partnering with Application Security efforts, including threat modeling, vulnerability management, and security reviews • Must be knowledgeable in compliance standards and security frameworks, including SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK • Must have strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders • Must be able to work independently and as part of a team, with a strong sense of ownership and accountability • Must have experience developing metrics and reporting that communicate risk and security posture to leadership • Must have familiarity with DLP concepts, including data classification, identification, and protection • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience • 5+ years of experience in cybersecurity • 5+ years of experience securing AWS environments • 5+ years of experience securing cloud-native systems and modern software delivery pipelines • Prior experience leading security engineers or serving as a technical lead in a security engineering function

🏖️ Benefícios

• Health insurance • Vision insurance • Dental insurance • Flexible vacation policy • Generous parental leave • Equity package in the form of stock options • Career development opportunities • Collaborative environment that encourages creativity