The client: a rapidly growing Series B startup that aims to make homeownership more accessible across the United States.
The position: partner with a core engineering team to build out a novel security function and promote a security-first mindset within the organization. The ideal individual will be a hands-on leader, stepping in as an active player in product security engineering while overseeing long-term strategy for in the field.
Key Responsibilities to Include:
- Take ownership of the new Product Security program, developing short and long-term plans and directly overseeing their implementation in a DevSecOps environment.
- Evaluate and oversee onboarding of new security tools; make recommendations for updates following industry developments.
- Collaborate with software engineering/DevOps teams to adopt and maintain a Secure Software Development Lifecycle (SSDLC).
- Perform technical product security functions including but not limited to the following: code & architecture reviews, threat modeling, incident response, penetration testing, vulnerability scans, and automation.
- Serve as a figurehead for the security engineering program within the business and work with internal and external leaders to advise on security best practice.
The Ideal Principal Security Architect Will Have:
- Minimum 6-8 years in highly technical security engineering/architecture roles directly related to application security, software security, cloud security (AWS, Azure, GCP), and/or DevSecOps.
- Previous experience in software development highly desired.
- In-depth knowledge of application security solutions (SAST, DAST, SCA) and industry trends.
- Hands-on knowledge of at least one coding/programming language highly desired (ie. Python, Java, Go, C++).
- Experience assessing and making recommendations to mitigate risk throughout product development and maintenance.
- Knowledge of industry compliance and secure coding standards (NIST, ISO 27001, OWASP Top 10, etc.).
- Strong communication skills and an infectious enthusiasm for security - previous leadership experience a plus, but not required.
- A B.S. in Computer Science or a related field and relevant certifications (CISSP, CEH, CSSLP, etc.)
This is an excellent opportunity for an individual who is looking to develop a greenfield security program while remaining a hands-on security practitioner. The ideal candidate will have a passion for security and a desire to help make homeownership more accessible to the community.
Candidates should be located in the United States. This position can be remote or located in the client's New York, NY office.