Director Of Security Engineering

Position Overview

At SmartBiz, security is a critical pillar of who we are and how we operate. You will join in a crucial position that will be assessing, recommending, designing, and improving our security solutions and processes. You will help drive the focus on the issues that matter and can see through the noise of all of the potential areas to focus. You will come in and help mature our security monitoring and threat detection/reporting. You’ll continue to build out a maturity model for security improvements working with engineering leadership to establish a roadmap to level up the organization and lead changes to help establish secure SDLC partnering with the rest of the organization.  

You must be highly technical and adaptable to the rapid pace of development and delivery in a small but evolving company. The most successful leaders here are comfortable working with minimal supervision, are innovative, thoughtful, and can prioritize and effectively communicate complex issues.

How You Will Make An Impact:

• Drive overall strategy and implementation of security processes, procedures, and governance through a combination of preventive and reactive controls and policies in a cloud environment
• Functioning in a DevSecOps capacity working closely with engineering and infrastructure teams to support and implement security at every level of the stack
• Work operations teams to implement intrusion detection and prevention processes, techniques, and solutions
• Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements
• Respond to, and when appropriate, resolve or escalate security incidents
• Develop and maintain documentation for security systems and procedures

Who You Are:

• Extensive experience working with application development teams to secure front-end applications (React) and backend services (Python and Ruby) by adding security practices to the software development and delivery process
• Deep knowledge of auditing and securing cloud-based infrastructure in AWS in a highly regulated environment
• Proficient in implementing, securing, and managing containerized and Kubernetes workloads
• Experience collaborating with Product, Engineering, and DevOps  teams
• Proficiency in writing and reviewing Infrastructure as Code including CloudFormation and Terraform
• Experience managing and supporting critical Developer infrastructure and secure SDLC
• Understanding of Application Security principles, SAST, DAST, and web application vulnerabilities such as OWASP Top 10, their risk, and remediations
• Able to manage and lead a small security team, with the responsibility to oversee the work of the team and manage the development of the engineers on the team