Director of Product Security
United States
Applications have closed
HUMAN
HUMAN Security is a cybersecurity company that safeguards enterprises and internet platforms from sophisticated bot attacks, fraud, and account abuse. Our hacker roots still permeate everything we do. You will be a part of the HUMAN front line in our commitment to helping protect companies (and, in turn, their customers) from both revenue and reputation risk caused by malicious bots. However, HUMAN is not the centre of this story. Humans like yourself are. We firmly believe in putting people first. This approach spans our extensive benefits and day-to-day culture for every human to do the best work of their life. We want to hear about the marathon you’re training for. We want to see pictures of your pets. We want to know your favourite robot (we have many).
The HUMAN R&D team is pivotal to our mission to protect the internet's heart by disrupting the economics of cybercrime. They are the ones uncovering and fighting bot operations like PARETO, ICEBUCKET, 3ve, Methbot and Scylla. HUMAN supports our R&D humans by strongly valuing deep work and flexibility. Company-wide meeting-free Fridays give you uninterrupted time to work on your projects. Additionally, this team is encouraged to participate in R&D Research Friday - a designated half-day each week dedicated to trying new ideas and personal career development. HUMAN is fully committed to flexible working arrangements, or as we call it, work from anywhere, anytime. All of this is to ensure our humans can do the best work of their lives.
We want to work with people like you who break down problems to build up better solutions. That’s what makes us HUMAN.
You’ll be joining us at an exciting moment in the HUMAN story: we joined forces with PerimeterX in a market-changing merger. Together under the HUMAN brand, we will disrupt the economics of cybercrime. We hope you can join us in that mission.
As lead of the product security organization, this role is responsible for implementing, managing and improving the security controls that protect HUMAN's products.
What you will do:
- Act as an evangelist for the security SDLC. This includes security requirements, threat modeling, security testing, penetration testing, and identifying and fixing vulnerabilities in software and applications on all business unit products.
- Collaborate with DevOps and systems teams on security architecture designs and establish programs to enable continuous security posture improvements.
- Conduct complete lifecycle security architecture and technical assessments for a wide range of products
- Provide guidance and leadership to product owners and engineers on secure development best practices.
- Implement and maintain common application security tools (SAST, DAST, SCA, vulnerability and configuration scanners) through automation. Create accompanying processes to facilitate ownership throughout the development organization.
- Manage and assist teams in the remediation of security vulnerabilities in accordance with defined service level agreements.
- Expert-level operational support for security escalations from customers
- Identify metrics and KPIs for the application security program and provide updates to various levels of corporate and business unit leadership
- Support product teams to develop and maintain security certifications such as SOC 2 and ISO 27001.
- Collaborate cross-functionally to establish and maintain product security policies and procedures
- Support commercial teams by building customer trust in the security of HUMAN Security products
Who you are:
- 5+ years of product security experience
- Demonstrated expertise in product/application security architecture, network security, application security, web services.
- Experience with SAST, DAST, SCA and penetration testing tools.
- Able to deliver pragmatic approaches to security risks while minding the business requirements
- In-depth experience identifying and protecting against web application and web service security vulnerabilities, including those found in the OWASP Top 10.
- Prior experience building application security within cloud-based infrastructure stacks
- Knowledge of secure architectures, application architectures, encryption, Cloud Security, and broader security technologies.
HUMAN prides itself on being an equal opportunity workplace. We firmly believe in putting people first regardless of who you are, where you come from, how you identify, or who your favorite robot is. We are on a mission to safeguard the internet for everyone, so we welcome all individuals to share their unique experiences and perspectives as we fight against cybercrime together.
With Humans located in all parts of the world, we’ve fully embraced our diversity of thought and are always looking for innovative ways to connect with one another - even in virtual reality! Although New York City is our HQ, with teams in Tel Aviv, London, Victoria, San Mateo, Miami, and Virginia, we trust our Humans in choosing where they work and how they work. The benefits package we provide reflects our remote-first culture and our commitment to our Humans’ personal career development, which includes annual stipends for home office setup, wellbeing, and learning & development. We also offer weekly lunches, flexible time off, no-meeting Fridays, HUMAN days, sabbatical programs, and so much more.
We’re constantly trying to anticipate the needs of our Humans to ensure each one of us is equally prepared to do some of the best work of our life. Taking care of one another is part of the HUMAN experience and how we build true HUMAN connections.
If you are an individual with a disability or special need that requires accommodation, please contact us directly.
Tags: Application security Automation Cloud Cyber crime DAST DevOps Encryption ISO 27001 KPIs Network security OWASP Pentesting Product security R&D SAST SDLC SOC 2 Vulnerabilities
Perks/benefits: Career development Flex hours Flex vacation Home office stipend Lunch / meals