Software Security Director

security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and Configuration Management/DevOps background that wants to educate and build a software security program.

Key Deliverables and Responsibilities (include but are not limited to the following):

• Perform operational support for AWS WAF configurations - updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications.

• Perform operational support for Azure WAF configurations

• Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline.

• Perform manual penetration tests on web applications

• Experience with GitHub

• Maintain Cloudflare DDOS protections and WAF configurations.

• Attend enterprise architecture reviews to standardize and secure new deployments.

Qualifications and Special Skills Required

• Bachelor's degree in computer science or engineering field or equivalent combination of education and relevant experience.

• 10 -15 years of software security experience and leading a team.

• A passion to learn and educate others on how to build secure software.

• Ability to work in a group setting and independently

• Experience with Jira IT ticketing systems.

• Good working knowledge in scripting language, Python, PowerShell, etc.

• Strong understanding of Linux/UNIX and Windows based operating systems and networks.

Strong working knowledge of Application security concepts and technologies such as:

• Experience in OWASP Top 10 and usage of common AppSec testing tools.

• Experience of Secure by Design concepts and threat modeling

• Knowledge of common security libraries, security controls, and common security flaws.

• Experience in application penetration testing techniques and tools

• Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools

• Open Source Security (OSS) - Software Composition Analysis (SCA)

• Static Application Security Testing (SAST)

• Dynamic Application Security Testing (DAST)

• Security Architecture Review - Threat Modeling

• AWS and Azure WAF Configuration and whitelisting

• Cloudflare DDOS configuration and operation

• Manual Penetration Testing

• Penetration testing with 3rd party vendors

• Host level vulnerability Scanning

• Web application security training course development and delivery

Preferred Certifications:

• Certified Information Systems Security Professional (CISSP)

• SANS GIAC certifications

• Amazon Web Services, Azure, Google Cloud Platform

The annual salary range for California is $161,000 to $299,000. You may also be eligible to receive incentive compensation: bonus, equity, and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the salary range is a guideline and compensation may vary based on factors such as qualifications, skill level, competencies and work location. Our benefits programs include: paid vacation and paid holidays, 401(k) plan with employer match, employee stock purchase plan, a variety of medical, dental and vision plan options, and more.
We're doing work that matters. Help us solve what others can't.