Product Security Lead
VehoCut your shipping costs, gain full visibility into all your shipments, and build customer loyalty with an incredible shipping experience. Welcome to package delivery, reinvented.
Veho is a technology-driven shipping company that enables personalized next-day package delivery, extending partner brand value. Veho brand partners have seen a 20% increase in customer repurchase, 40% increase in customer lifetime value, and 8% rise in net promoter score.
Veho gives package recipients greater insight and control, letting them know when they will receive their package, when drivers are en route, and enables real-time rescheduling, address changes, and personal delivery instructions. Veho's technology matches demand for package delivery with a network of qualified crowdsourced driver partners, ensuring every package is delivered on time and correctly.
The concept for Veho started as a school project while co-founder Itamar Zur attended Harvard Business School. Zur constantly experienced issues receiving packages - from getting the dreaded “we missed you” note, to stolen packages. He set out to fix the problem so many customers and brands face.
Today, Veho’s robust technology platform provides customers and e-commerce brands with an unparalleled shipping experience, an industry record 99.9% average on-time performance for next-day delivery and an average 4.9-star customer rating. With teammates in 30 U.S. states, Veho will be in 50 markets by the end of 2022.
About The Role
Veho’s Chief Information Security Office is looking for an experienced professional to manage and execute efforts to strengthen a foundation of security across Veho’s products, including 3rd party products and their integrations. The role will serve as an expert advisor to the engineering and IT teams. The candidate will contribute to the definition, development, implementation, and maintenance of our product security framework ensuring that best practice initiatives are achieved for system and data integrity, availability, accountability, and assurance. The position will both oversee and execute all aspects of product security functions including architecture, threat modeling, application security, code reviews and assessments. The role will drive efforts to deepen security engagement early in the software development lifecycle, reducing rework and improving speed to delivery. The role will partner and collaborate with Product and Engineering leadership to establish and evolve processes, controls, and the product security program.
- Review engineering design and architecture, vulnerabilities, code and other findings for products deployed.Identify common security design patterns and influence the adoption of scalable and automated secure platforms and solutions.
- Identify opportunities for improvements to security tooling and automation.
- Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences.
- Improve security tooling to facilitate a highly automated and scalable SecDevOps model. Mentor product engineering teams on how to approach security in their day to day work.
- Establish, augment and automate Veho’s security scanning and testing capabilities, bootstrap efforts and execute fixes in alignment with Veho’s vulnerability management policy, ensure findings are triaged and remediated by engineering or other peer teams.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
- Partner with application engineering, core services and infrastructure engineering, site reliability engineering and other applicable teams to embed security scoring into overall production readiness scoring, using industry best practices such as BSIMM or similar.
- Contribute to security compliance efforts such as ISO27001 / SOC2 certification, privacy and data security law compliance by providing the necessary capabilities and artifacts.
Skills & Qualifications
- BS, BE, BTech or MS in Computer Science, Cybersecurity, Information Technology or other related fields. Equivalent years of experiences without a degree are considered.
- 10+ years of relevant education and/or work experience.
Veho is a growth company that looks for team members to grow with it. Veho offers a generous ownership package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Veho employee shares one galvanizing mission: to revolutionize the world of package delivery by creating exceptional experiences for customers and drivers. We are deeply value-driven (Ownership, Candor, Team Success, Human) and care tremendously about investing in people. We are committed to creating a diverse team and an environment that provides everyone with the opportunity to do the work of their lifetime. Veho is unable to provide sponsorship at this time. Applicants must be able to understand and effectively communicate orally and in writing with all parties regarding work matters, which are generally conducted in English. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Other jobs like this
Staff Cloud Security Engineer (Remote- North America)Automation AWS Azure CEH CISA Cloudflare FedRAMP GCP ISO 27001 Kubernetes +2
Career development Competitive pay Flex hours Flex vacation Parental leave +3
Principal/Staff Software Security EngineerAgile Ansible Automation Banking Blockchain C Crypto Cryptography Encryption Golang +7
Competitive pay Equity Flex vacation Gear Parental leave +1
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Cyber Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Penetration Tester jobs
- Open Senior DevSecOps Engineer jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Threat Intelligence Analyst jobs
- Open Staff Security Engineer jobs
- Open Head of Information Security jobs
- Open Lead Security Engineer jobs
- Open SOC Analyst jobs
- Open Cyber Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cybersecurity Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Cloud Security Automation Specialist jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Offensive Security Engineer jobs
- Open Information Security Officer jobs
- Open Cloud Security Operations Lead jobs
- Open Azure Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open DevOps-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Audits-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open Security assessments-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open CEH-related jobs
- Open Encryption-related jobs
- Open CISM-related jobs
- Open GDPR-related jobs
- Open Agile-related jobs
- Open Open Source-related jobs
- Open Threat detection-related jobs
- Open OSCP-related jobs
- Open Intrusion detection-related jobs
- Open Machine Learning-related jobs
- Open DevSecOps-related jobs