Manager, Security Engineering (US- Remote)
DISQO is changing the way that the world’s largest brands, agencies and consumer intelligence companies get to know their consumers. We’ve built the first identity-based platform that combines consumer attitudes and behaviors together to power the most accurate and predictive insights solutions for our customers, and we do all of that with the willing participation of our consumers and without using outdated technologies like third-party cookies. We help our customers get a cross-platform view into consumer sentiment, measure advertising effectiveness, analyze consumer purchase journeys, and ultimately grow their brands.
Our mission at DISQO is to engage people to share their opinions and behaviors openly to help our customers make the right decisions. With over one million active members sharing their attitudes and behaviors, DISQO is looking to expand, improve and create world-class applications for people to openly share their data for research.
Check out the DISQO Developer Blog for the latest from our DISQOTECH team.
The Role: DISQO is looking for a Manager of Security Engineering to join our engineering management team and build a new security engineering team. This person will have broad responsibility over all aspects of security as it applies to software that we build, the AWS platform we deploy our software to and all the devices that we use.
As a Security Manager, you will:
- Establish our Security Engineering team and build a world-class culture that engineers relish being a part of.
- Define and own the Security Engineering OKRs & roadmap and conduct quarterly roadmap reviews. In addition, you should be able to champion and partner with our engineering leaders to set and maintain effective Security SLOs across the org.
- Use a "Product Management" mindset to engage with internal and external stakeholders to align on security vision, strategy and priorities.
- Work closely with our CTO and our product & engineering leadership to set standards around patterns, frameworks, technologies, and processes to promote a simple and consistent approach across multiple types of services.
- Be the champion of our DevSecOps culture and build a strong cross-collaboration between Platform, SRE, Security and Software Engineering teams.
- Act as a model of InfoSec practices, integrity and transparency, evangelizing the use of cryptography, data handling, threat awareness and operational security.
- Leverage your IAM fundamentals and understanding of the identity lifecycle to build and enhance systems that control, limit and continuously audit the integrity our identity plane
- Work to build, maintain and continuously enrich the quality of our security telemetry, working to improve our threat data using a combination of off-the-shelf technologies and custom engineering.
- Perform security reviews and threat assessments on an as-needed basis to ensure the upkeep and maintenance of our security posture
- Identify, verify and contain and remediate threats: serve as Incident commander security incidents, ensuring that potential issues are identified, classified, contained and documented in accordance with InfoSec policies.
- Drive detailed RCA in the wake of incidents, ensuring a level of analysis that ensures both a deep understanding of the incident, it’s content, and the controls and remediation that will prevent it from recurring.
- Role model Servant Leadership, making leadership excellence a continuous priority for your own personal development and that of your teams.
- Embrace, model and champion all of DISQO’s values - adding to the growth of our culture
- Strong work ethic with the ability to understand and exhibit Agile principles and methodology
What you’ll bring:
- 4+ years of building and leading Security teams across multiple time zones. Broad understanding of multiple knowledge domains, including IAM, vulnerability management, threat detection, AppSec, SAST/DAST, IDS/IPS, incident response and orchestration-based automation and response.
- 7 years progressive experience in a combination of security, software and platform engineering
- 3 years developing security services or tooling with a modern, high-level language, ideally golang
- A background that involves creating a layered security perimeter in the context of a cloud and container-based microservices in AWS
- Deep experience with SOC2, CCPA and GDPR is highly desirable
- Experience supporting (or building) a security operations function in startup environments, ideally serving as incident commander for security incidents
- Knowledge of networking fundamentals, including TCP/IP, OSI stack model, L2, L3 and L7 fundamentals and raw packet analysis.
- One industry-recognized security certification (CEH, CISSP, CCSP, CISA) -- or the willingness to secure one within six months
- Servant Leader and Agile DNA
#dice
Perks & Benefits:
·100% covered Medical/Dental/Vision for employee, 80% for dependents
·Equity
·Unlimited Vacation
·Flexible work hours
·Catered lunches 3x a week
·Stocked pantry
·Happy Hours
·Onsite Fitness Program
·Discounted Gym Membership
·Quarterly Offsites
·401K
·Life Insurance
·FSA
·Paid Maternity/Paternity leave
·Disability Insurance
·Travel Assistance Program
·24/7 Counseling Services offered to employees
DISQO is an equal opportunity employer. Discovery, innovation, and growth are possible when we open ourselves to new possibilities, perspectives, and approaches. That’s why, at DISQO, we welcome, support, and empower individuals from diverse backgrounds. Exceptional teams are rooted in extraordinary people, each with a unique story and a compelling set of skills. DISQO does not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
*Recruiting firms that submit resumes to DISQO without first entering into a written contract will not be entitled to any compensation on candidates referred by that firm.