How you will impact the organization…

The role of a Manager of Security Engineering is multifaceted, strongly emphasizing integrating security into the organization's enterprise applications, products, and services while providing team leadership in security engineering, security operations, and security architecture. The Manager of Security Engineering has a central role in ensuring that security is not an afterthought but an integral part of an organization's enterprise application, product, service development, change, and production processes. They lead efforts to proactively collaborate with the Program Management Office, Network Operations, Corporate IT, Product Management, and Engineering to identify and mitigate security risks, foster a culture of security awareness, and provide the technical expertise to secure an organization's systems and data effectively. Additionally, they oversee security engineering activities and security operations to respond to threats and vulnerabilities and lead the oversight and development of a robust security architecture that aligns with the organization's goals and objectives.

The value you will deliver…

• One of the core responsibilities of the Manager of Security Engineering is to identify security risks and vulnerabilities early in the SDLC. By doing so, they can help mitigate potential threats before they become critical issues, reducing the cost and effort required to address security concerns later in the development process.
• This role involves promoting and integrating security best practices, standards, and processes into every phase of the SDLC. Security by design means that security considerations are not an afterthought but woven into the development process's fabric.
• Oversees the implementation of security testing methodologies such as penetration testing, code reviews, and automated scanning tools to ensure that products and services are rigorously evaluated for vulnerabilities before release.
• Ensuring that products and services meet relevant security compliance standards and regulations is vital to this role. This involves working closely with stakeholders to implement controls that align with industry-specific security requirements.
• Leads the security operations team in developing and maintaining an effective incident response plan. They coordinate responses to security incidents and breaches, minimize damage, and ensure a swift return to normal operations.
• This role involves implementing continuous security monitoring and analysis to detect and respond to threats in real-time. Security engineers under this manager's leadership monitor security events and anomalies daily.
• Identifying, assessing, and remedying security vulnerabilities within an organization's systems. This includes the prioritization of vulnerabilities based on risk and potential impact.
• Develop and uphold security policies, standards, and guidelines that align with the organization's goals and legal mandates.
• Supports annual audit and compliance assessments by participating in interviews and fieldwork collection efforts.
• The Manager of Security Engineering plays a crucial role in overseeing the design and implementation of the organization's security architecture. This includes network, cloud, application, and infrastructure security. They ensure that security is an integral part of the technology stack.
• Identifying, selecting, and implementing security tools and technologies that align with the organization's security architecture is an essential responsibility. This may include firewalls, intrusion detection systems, encryption solutions, and identity management systems.
• Providing guidance and expertise to development and IT teams on designing and implementing secure systems is critical. The manager helps teams make informed decisions about technology and architecture choices that prioritize security.
• The ability to formulate a comprehensive security strategy that aligns with organizational goals and effectively addresses emerging threats.
• Integrating security practices and principles into the entire software development life cycle (SDLC) and product design process.
• Designing and implementing secure architecture for networks, systems, and applications.
• Overseeing security monitoring, incident response, and vulnerability management.
• Ensuring that security practices align with relevant industry standards and regulatory requirements.
• Identifying, assessing, and prioritizing security risks and implementing mitigation strategies.
• Managing and mentoring a team of security engineers and specialists.
• Conducting or overseeing penetration testing, code reviews, and security assessments.
• Responding to security incidents, including investigation, containment, and recovery.
• Security Tooling: Selecting and implementing security tools and technologies to enhance security posture.
• Security Auditing and Reporting: Conducting security audits and reporting to senior management regularly.
• Staying informed about emerging cybersecurity threats and incorporating threat intelligence into security strategies.
• Maintaining a strong technical understanding of cybersecurity technologies, protocols, and trends.
• Preform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or changes duties at any time.

What you will bring to the table…

• 8 years experience in Software Development or Information Technology
• 8 years of experience with manual web application testing by proxy tools such as OWASP ZAP and Burp Suite.
• 8 years of experience with SIEM platforms for real-time security monitoring, incident detection, and response.
• 4 years of experience in Web or Mobile application security testing
• 3 years of experience in Secure SDLC (Software Development Life Cycle)
• 3 years of experience with AWS cloud technologies
• Proficiency in designing and implementing secure network architectures, including firewalls, intrusion detection/prevention systems, and VPNs.
• Expertise in securing software applications, including secure coding practices, web application firewalls, and secure development life cycle (SDLC) processes.
• Understanding cloud security principles, including configuring and securing cloud environments, and familiarity with major cloud service providers (e.g., AWS, Azure, Google Cloud).
• Knowledge of security architecture principles and the ability to design and implement security solutions for complex infrastructures.
• Managing user identities, access controls, and authentication mechanisms to ensure proper authorization and authentication.
• Understanding of encryption techniques and protocols, including data encryption at rest and in transit.
• Familiarity with security assessment and penetration testing tools, such as Nessus, Burp Suite, and Metasploit, including managing outsourced functions for similar services.
• Knowledge of vulnerability scanning tools and processes for identifying and remediating security weaknesses.
• Proficiency in using incident response tools and technologies for analyzing and mitigating security incidents.
• Ability to review source code for security vulnerabilities and provide remediation guidance to development teams.
• Skill in analyzing network traffic and packets to detect and respond to security threats.
• Understanding security policies, standards, and regulatory compliance requirements (e.g., GDPR, HIPAA, PCI DSS).
• Knowledge of securing various operating systems, including Windows, Linux, and Unix.
• Expertise in database security, including access controls, encryption, and best practices.
• Understanding mobile device security, including mobile app security and Mobile Device Management (MDM) solutions.
• Ability to leverage data analytics and machine learning techniques for threat detection and analysis.
• Implementing network segmentation strategies to isolate critical assets and reduce attack surfaces.
• Developing and implementing patch management processes to address vulnerabilities promptly.
• Integrating security practices into DevOps pipelines and automation tools.
• Implementing and managing MDM solutions to secure mobile devices and applications.

You will stand out if you also have…

• 5 years of experience in cybersecurity and information security roles.
• Previous experience in leadership or managerial positions, such as a team lead or senior security engineer.
• Proven experience in security architecture, security operations, and integrating security into software development processes.
• Proficiency in various cybersecurity technologies and tools, including network security, application security, cloud security, and encryption.
• Hands-on experience with security assessment and penetration testing tools.
• Familiarity with security information and event management (SIEM) systems.
• Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP

Additional details…

• Location requirements: Remote, US preference to work in Pacific time zone
• Travel requirements: Minimal domestic travel up to 5%
• Physical requirements: Must be able to sit for long periods, as well as, handle long periods of screen time.
• Technology requirements: Reliable, high speed internet

The salary range for this role is up to $155,000 USD. The total compensation package for this position is negotiable and may also include [annual performance bonus, ESPP, enhanced time off packages and benefits.]