Security Software Engineering Manager - Application Security

Salary Range US Remote 164,000 - 237,000 USD per year Your Job As the Security Software Engineering Manager at Indeed, you are passionate about leveraging your software development and security domain knowledge to reduce our product security risks. Your job at Indeed will be to improve the security of Indeed products and services - both on-premise and in the cloud. Your experience will propel you to validate, prioritize, and ensure remediation of Application Security findings, in collaboration with our Application Security Tools team, as well as broader Product, and Technology partners. The job requires you to understand the product and platform architecture at a level where you can then provide security solutions that improve how we detect and remediate product security defects in our Web, API and Mobile products and services. You are comfortable dealing with the nuances of leveraging third party products if needed, and adapt them so they fit in the Indeed ecosystem of services. You will manage and grow a team of Application Security Engineers, train and mentor them, to deliver application security as a service. These capabilities will deliver security at scale, and ideally as a feature that is available as an embedded attribute of our infrastructure to best support our product teams. You will own the execution and tasking of your team, to deliver on the Security Organization’s quarterly commitments, while building a long term roadmap for your team. Your background If you see yourself being described by most of these statements , we want to speak to you! You have a strong background in application security engineering and have experience delivering services to solve application security problems at scale. You are well versed in your discipline and have led application and/or product security engineering teams and earned the respect of talented security engineers. You have demonstrated experience in several domains of Application and Product Security Your leadership style is engaging and you are a coach at heart. You have demonstrated judgment to set clear technical direction for your teams of proficient and motivated Application Security Engineers. You understand that the best managers serve their teams, removing roadblocks and giving individual contributors autonomy and encouraging peer level communication. You use data to inform your decision making and influencing process. You value the freedom to solve problems at any level. You are someone with high standards who will push us to be better, and who will take pride in Indeed like we do. You are equally happy talking about policy and guidelines, as you are geeking out over the latest branded security vulnerability and exploits. Responsibilities A professional at this position level has these responsibilities: Deliver on Indeed’s Security Objectives via long term and quarterly objective and key results process. Provide clear vision and direction for the team to build, cultivate, and maintain customer service excellence while reducing security risk. Own the performance management, total rewards, and career development of your team. Demonstrate ownership of the suite of security tools that your team will develop and maintain. You build it. You own it. Support your Security stakeholders with control effectiveness and Risk reporting for your domain(s). Define, report, and improve the KPIs and Risk Indicators for your service catalog. Find opportunities and strategies to increase adoption of your team’s tools and capabilities. Raise accountability by escalating issues in a timely manner and creating and maintaining detailed documentation. Resolve issues, dependencies, and conflicts; make certain that your teams are involved, engaged, and informed. Design and ensure technical documentation is maintained for your area. Stay up-to-date with trends in the information security community. Perform tech talks and other awareness campaigns to spread security knowledge throughout Indeed. Other tasks as assigned. Who You Are Bachelors of Science degree in Computer Science, Engineering, Computer Security, Information Systems, Mathematics, or equivalent field required 5 years software development experience 3 years people management experience with experience leading 4 or more engineers at a minimum 3 years delivering security initiatives with clear business impact 5 years of multi-domain security experience with the following, since this is a security software engineering management position: Experience delivering Application Security services to prioritize and drive remediation from AppSec tools such as SAST, SCA, IaC scanning, DAST, iAST, and Container Security etc. You know the fundamentals in this space and have developed capabilities and supported them to mature Application Security practices. You have provided services such as threat modeling, secure design reviews, code reviews, through internal AppSec consulting to remediate findings Implementation of Application Security frameworks like OpenSAMM, BSIMM etc to measurably improve the maturity of AppSec Working in Agile, Kanban, or SAFe teams to deliver security software Proficient in at least one programming language Hands-on experience with development tools and environments such as Git, CI/CD pipelines, Maven/Gradle, Nexus, Snyk, Kubernetes, Chef/Puppet, JIRA You can manage and prioritize multiple tasks and projects and assist/advise your engineers in establishing appropriate priorities Ability to manage key customer relationships, including with senior managers and Directors Ability to influence cross functional teams to accomplish Security goals Excellent analytical skills and ability to learn quickly Excellent written and verbal communication skills If you have any of these, that’s even better: Accredited certifications a plus, such as: CISSP, CISM, CEH (Certified Ethical Hacker) Knowledge of various frameworks and models such as BSIMM, OpenSAMM etc Who We Are We are builders, we are integrators. We create and optimize solutions for a rapidly growing business on a global scale. We work with distributed infrastructure, petabytes of data, and billions of transactions with no limitations on your creativity. Our Mission As the world’s number 1 job site*, our mission is to help people get jobs. We strive to cultivate an inclusive and accessible workplace where all people feel comfortable being themselves. We're looking to grow our teams with more people who share our enthusiasm for innovation and creating the best experience for job seekers. (*comScore Total Visits, September 2021) Salary Range Disclaimer The base salary range represents the low and high end of the Indeed salary range for this position. Actual salaries will vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Indeed's total compensation package for employees. Other rewards may include quarterly bonuses, Restricted Stock Units (RSUs), an open Paid Time Off policy, and many region-specific benefits. Equal Opportunities and Accommodations Statement Indeed is deeply committed to building a workplace and global community where inclusion is not only valued, but prioritized. We’re proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, family status, marital status, sexual orientation, national origin, genetics, neuro-diversity, disability, age, or veteran status, or any other non-merit based or legally protected grounds. Indeed is committed to providing reasonable accommodations to qualified individuals with disabilities in the employment application process. To request an accommodation, please contact Talent Attraction Help at 1-855-567-7767, or by email at [email protected] at least one week in advance of your interview. Fair Chance Hiring We value diverse experiences, including those who have had prior contact with the criminal legal system. We are committed to providing individuals with criminal records, including formerly incarcerated individuals, a fair chance at employment. Our Policies and Benefits View Indeed's Applicant Privacy and Accessibility Policies - https://www.indeed.com/legal/indeed-jobs Learn about our global employee perks, programs and benefits - https://benefits.indeed.jobs/ Where legally permitted, Indeed requires all individuals attending or working out of Indeed offices or visiting Indeed clients to be fully vaccinated against COVID-19. For positions that can only be performed at an Indeed office, candidates must be fully vaccinated against COVID-19 and present acceptable proof of vaccination by the date of hire as a condition of employment. For positions that require some in-office work or in-person client meetings, exceptions to these in-office or in-person job requirements may be made at the discretion of the business through June 2022, at which point full vaccination will be required. Indeed will consider requests for reasonable accommodation as required under applicable law. To qualify as being fully vaccinated against COVID-19 there should have been a two week period after receiving the second dose (or any government recommended booster shot) in a 2-dose COVID-19 vaccine series, or a two week period after receiving a single-dose (or any government recommended booster shot) in a single dose COVID-19 vaccine.