Roberts Recruiting is Hiring a Platform Security Manager Near Cambridge, MA
We were founded in 2000 to give customers transparency into vulnerabilities in their IT environments with a comprehensive vulnerability management solution, something that didn't exist at the time. Now we continue to deliver state of the art solutions for our customers' security and IT challenges with a variety of product and our cloud-based analytics platform that powers our products for vulnerability management, incident detection & response, offensive security, application security, and DevOps IT operations.
We're looking for an awesome Platform Security Manager to join our Information Security team in Cambridge, MA. This engineering leader is the kind of person who wants to build a product security engineering function from the ground up. Also, have you ever wondered what it's like to work on a security team at a security company? Hint: it's kind of amazing.
Your profile
For you InfoSec isn't just a job: it's a lifestyle. You're seeking a new opportunity to flex your security expertise by overseeing and building our AppSec team from the ground up. In this capacity you'll work with product engineering teams to implement AppSec best practices, help us build security into our distributed CI/CD pipeline, and build tooling to enable product engineers to move fast and be secure. You're passionate about continuously evolving product security to stay one step ahead of attackers.
Requirements
Lead a team of engineers with disciplines in both Application Security and Cloud Security
Extensive knowledge and experience with implementing best practices in a secure SDLC
Experience with SAST, DAST, IAST, SCA, RASP, and/or WAF tooling
Extensive knowledge and experience with one or more of the following: Java, Python, and JavaScript
Knowledge of integrating custom security controls and security tests in development and build environments
Automate IaaS assessments, reporting, remediation with a measurable and repeatable process
Extensive experience building “guardrails, not gates” into CI/CD environments
Working knowledge of one or more of the following technologies or design patterns:
Microservice design and architecture
Using and developing RESTful APIs
Message queueing systems
SQL and NoSQL databases (e.g. Cassandra)
Containerization and virtualization technology (e.g. VMs, Docker)
Ability to pivot quickly with changing priorities in a dynamic, hyper-growth environment
Strong capability to communicate security concepts and requirements at all levels of the business
Strong sense of project ownership and excellent time and task management skills
Strong desire to mentor teammates and provide leadership on key initiatives/projects
Education in Computer Science, Information Systems, or a similar field
5 years of experience in the InfoSec and/or software development fields
Pluses
Extensive knowledge of AWS security concepts and best practices
Working knowledge of managing infrastructure and resources in AWS using Terraform and Chef, Ansible, Puppet, or Salt
Experience with one or more of the following: Go, Ruby, and Erlang
Experience with Jenkins
Experience creating threat models and remediation plans
Working knowledge of identity and access management