Required PRODUCT SECURITY TEAM LEADER
Responsibilities:
Manage and lead a team of product security engineers, overseeing daily operations and ensuring high-quality execution of product security assessments and projects.
Develop and execute the strategic roadmap for the team, aligning with the groups KPIs, organizational goals, and industry best practices.
Oversee post-production activities, tools, and procedures, such as penetration testing, WAF policies, and runtime protection policies, in advanced Kubernetes (k8s) environments, micro-services architectures, and cutting-edge CI/CD pipelines.
Manage the companys bug bounty programs, collaborating with external security researchers.
Plan, manage, and execute security projects, coordinating cross-functional teams to ensure timely and effective implementation of security initiatives.
Collaborate closely with software architects, security champions, and R&D teams to triage security findings and develop mitigation strategies.
Be responsible for monitoring and protecting the companys external attack surface by leading the design and development of internal (and our OSS) security tools and proprietary products. More about how we manage our attack surface: The Continuous Recon Mindset
Develop and conduct security training sessions for R&D and other departments to foster a strong security culture within the organization.
Lead incident response efforts, coordinating with the incident response team during security crises to ensure swift and effective resolution.
Promote continuous improvement in security methodologies, staying abreast of the latest trends and threats.
Ensure compliance with EU GDPR, CCPA, and other relevant standards by guiding technological compliance efforts.
Requirements: 4+ years of experience in web and mobile application security, SSDLC, and threat modeling.
Proven experience in leading and managing an application/product security team.
Strong background in planning, executing, and overseeing security projects within complex technological environments.
Extensive experience with Kubernetes (k8s), micro-services architectures, and CI/CD pipelines.
Experience in penetration testing, vulnerability scanning, SAST, and DAST, and familiarity with related tools and technologies.
Experience in managing bug bounty programs.
Excellent verbal and written communication skills to interact with diverse teams and present security findings and recommendations.
Experience in writing scripts and automations; OSS contributions are a major advantage.
Experience in conducting security training sessions and mentoring technical teams to enhance their security posture.
Understanding of EU GDPR, CCPA, and other relevant compliance standards, with the ability to guide technological compliance efforts.
Relevant security certifications (e.g., CISSP, OSCP, CEH) are highly desirable.
Strong leadership qualities with the ability to inspire and build a cohesive, high-performing security team.
Excellent problem-solving and critical thinking skills to address complex security challenges and implement effective solutions.
This position is open to all candidates.