Head of Engineering, Product Security

What you will be doing

• Help build a multi-year strategy for improving the security of ShopBack’s web service and client applications
• Articulate ShopBack Product Security strategy, vision, and initiatives in external and internal venues
• Managing the engineers who are responsible for black-box penetration testing, bug bounty, SDL, and feature reviews
• Mentor Product Security engineers to be more effective and impactful and reach their goals
• Partner with the CTO and other product engineering leaders to identify intrinsic product weaknesses, build component-specific security roadmaps to address them, and assist with the execution of those roadmaps
• Represent the team in planning and product decisions
• Align the team with security and company-wide goals
• Participate in our incident response and vulnerability remediation efforts
• Help implement application security tools and develop new automation and tooling
• Stay abreast of the latest industry trends, technologies, and regulatory developments related to information security governance, and make recommendations for continuous improvement
• Oversee the development and maintenance of the security governance framework (security policies, procedures, standards, and guidelines) to safeguard company information assets and ensure compliance with applicable laws, regulations
• Conduct or support regular risk assessments, security audits, certificate renewal, and compliance reviews
• Conduct regular security awareness and training programs to educate employees about security risks, policies, and best practices

What you should have

• 10+ years experience in software development
• Several years of serving in security management or senior security leadership role
• Deep understanding of web application architecture and design principles
• Knowledge of internet security issues in software design and code
• Experience in writing understandable, testable, secure code with an eye toward maintainability
• Experience identifying and protecting against web and mobile applications and web service security vulnerabilities, including those found in the OWASP Top 10
• Possess exceptional written and verbal communication skills
• Highly organized. With many people doing many things in a fast-moving company, strong organizational skills—both for yourself and for the team—will be required
• Able to weigh several, often conflicting constraints and make rapid decisions in a fast-moving and quickly-growing company
• Familiarity with common web application testing tools (Burp Suite, etc)
• Development experience in one or more of these languages: Java, JavaScript / TypeScript, NodeJS, PHP, and Python
• Possess strong knowledge of the browser security model, crypto, and network security
• Design and development of security-related education/training for all ShopBack software engineers
• Experience with Amazon AWS services and familiarity with ShopBack products is a plus