Director, Product Security

Contrast Security Ranked One of the Fastest-Growing Companies in North America on the 2021 Deloitte Technology Fast 500™
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development to operations, to production.
About the Position
Our Product Security team is hyper-focused on continuous security enhancements in all aspects of the Software Development Lifecycle for a wide range of Contrast Security products. The team focuses on knowing our product, protecting our environments, and securing our software. The applicant will be responsible for taking ownership of security initiatives, such as defining security requirements and policies, performing threat modeling, reviewing testing and deployment standards, managing secure code analysis techniques, secrets management, and asset and vulnerability management. Additionally, one will have the freedom to contribute their unique perspectives and ideas on our product security processes.
This is a full-time position that can work remotely in the U.S.

Roles and Responsibilities

• Aid in the communication of business product strategy and the role security plays in meeting customer and partner needs
• Partner closely with engineering leadership to enable secure innovation
• Understand the NIST Cyber Security Framework and drive Product Security initiatives based on meeting those standards
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Manage a global team of passionate and skillful cloud and application security professionals
• Drive team success through the use of Objectives and Key Results (OKR)
• Lead and perform threat modeling exercises on all Contrast Security products
• Ability to partner with cross-functional teams to drive security initiatives
• Manage application security training program for the company
• Create, communicate, and maintain security policies, standards, and guidelines applicable to software products
• Lead penetration testing activities conducted by internal teams and third-party vendors as well as remediation efforts
• Develop, build, and support DevSecOps tools for our SDLC processes
• Analyze and recommend strategy and direction to mitigate security risks within the organization
• Maintain a complete internal security picture through asset and vulnerability management
• Maintain and manage our cloud security posture and team
• Manage and maintain the organization's bug bounty and vulnerability disclosure processes
• Help engineering and Product Management teams identify security requirements and drive a standardized set of security requirements into product and service offerings
• Provide reports, metrics, and key performance indicators to the CISO and executive staff

Requirements

• Experience with application security, development, and vulnerability management reporting
• Programming abilities in Python, C, or Java (plus if you have experience with NodeJS, Ruby, and/or GoLang)
• You can take general direction and work independently to solve problems
• You have strong communication skills
• You ask questions, let others know when you need help, and tell others what you need
• Knowledge of FedRAMP, ISO 27002, and SOC compliance standards
• 7+ years experience in product security (application, cloud, SaaS, architecture, etc)
• Experience with threat modeling and attack forensics

We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

What We Offer

• Competitive compensation
• Medical, dental, and vision benefits
• 401(k) plan
• Flexible paid time off

#LI-RH1#LI-Remote
We are changing the world of software security. Do it with us.  We believe in what we do and are passionate about helping our customers secure their business.If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.
Contrast Security is committed to a diverse and inclusive workplace. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.
By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement reflects our policies around compliance with the General Data Protection Regulation (“GDPR”) and your rights respective to GDPR as a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 (“CCPA”) will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts and dependents (“CA Employee”) new rights to privacy.
Recruitment Agencies: Although we value the services you provide, at this time we are not accepting resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.