Security Advocate & Community Leader
In this role you will be on a team of security engineers performing triage and analysis, hunting bugs, and driving DevSecOps and cultural transformation, while leading the security advocate program.
We are looking for someone with at least 3 years of experience in application security and in teaching it to others.
You are a great fit if the following are true:
• You love developers, teaching, learning, and research.
• You are passionate about customer experience.
• You love breaking and building, can code and hack.
• You can handle complicated bugs and complex application security issues.
• You can demonstrate where you made a difference, solved problems and helped make dev teams happy.
• You have experience with Git, Gitflow, SAST, DAST, SCA, IAST tooling.
• You know what the OWASP Top 10 is, and understand defensive coding techniques.
• Architects and Red Teamers don’t scare you.
• You love open source, community and collaboration.
• You have experience growing talent and communities.
• You are organized, have strong public speaking skills and can present to anyone anytime.
• Own our security advocate program, set monthly meetings, own communication and documentation for the community.
• Serve as internal evangelist and communicator for DevSecOps.
• Conduct lunch-and-learns, events and other internal marketing efforts.
• Own and manage developer application security training, metrics, and effectiveness.
• Review and research issues from our Bug Bounty and Threat Modeling programs, with the goal of solving once, fixing many.
• Help developers solve application security defects.
• Contribute to inner source and demonstrate engineering community engagement.
• Suggest and execute on common solutions to broad problems, and serve as lead advocate for the engineering community with regard to application security functions.
• Contribute to and execute on our secure software development strategy for the enterprise.
• Partner with our Security Automation Product Owner, Compliance and governance, and DevOps teams.
• Improve and expand application security quality across our entire portfolio of applications.
• Mentor others; you love to share and support, and serve as the expert for escalated analysis.
• At least 3 years of experience with application security, including familiarity with the leading toolsets supporting application security (dynamic and static). Experience with Checkmarx, AppScan, Burp Suite, Contrast, Veracode, NowSecure, Black Duck, WhiteSource, Fortify or similar tooling.
• Strong application security experience across a variety of technologies and languages.
• Deep experience in static code analysis and third-party software composition analysis
• Excellent communication skills with the ability to influence others
• Analytical and problem solving skills
• Understands Git and related tooling.
• Contributes to the broader security or open source community.
• Must be passionate about contributing to an organization focused on continuously improving consumer experiences
• Must be passionate about developer experience, privacy, security, quality and product delivery
• Strong experience in establishing and rolling out DevOps or DevSecOps
• Cloud experience with Azure, GCP, AWS, Heroku – Azure/GCP/AWS preferred.
• Experience with Docker or similar container platforms.
• Experience with Burp Suite.
• At least 1-2 years of experience working in a product team. You understand design, delivery, and ownership.
• Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT, NIST, BSIMM.
• Professional security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is a plus but not required.