Director of Product Security

United States

Applications have closed

HUMAN

HUMAN Security is a cybersecurity company that safeguards enterprises and internet platforms from sophisticated bot attacks, fraud, and account abuse.

HUMAN was founded in 2012 in a Brooklyn sci-fi bookstore by Tamer Hassan, Michael Tiffany, Dan Kaminsky, and Ash Kalb. Our humble beginnings led to the creation of the Human Verification Engine, the backbone of all our products that protect enterprises from sophisticated bots. Today we verify the humanity of more than 15 trillion interactions per week for some of the largest companies and internet platforms across the internet. 
Our hacker roots still permeate everything we do. You will be a part of the HUMAN front line in our commitment to helping protect companies (and, in turn, their customers) from both revenue and reputation risk caused by malicious bots. However, HUMAN is not the centre of this story. Humans like yourself are. We firmly believe in putting people first. This approach spans our extensive benefits and day-to-day culture for every human to do the best work of their life. We want to hear about the marathon you’re training for. We want to see pictures of your pets. We want to know your favourite robot (we have many). 
The HUMAN R&D team is pivotal to our mission to protect the internet's heart by disrupting the economics of cybercrime. They are the ones uncovering and fighting bot operations like PARETO, ICEBUCKET, 3ve, Methbot and Scylla. HUMAN supports our R&D humans by strongly valuing deep work and flexibility. Company-wide meeting-free Fridays give you uninterrupted time to work on your projects. Additionally, this team is encouraged to participate in R&D Research Friday - a designated half-day each week dedicated to trying new ideas and personal career development. HUMAN is fully committed to flexible working arrangements, or as we call it, work from anywhere, anytime. All of this is to ensure our humans can do the best work of their lives. 
We want to work with people like you who break down problems to build up better solutions. That’s what makes us HUMAN.  
You’ll be joining us at an exciting moment in the HUMAN story: we joined forces with PerimeterX in a market-changing merger. Together under the HUMAN brand, we will disrupt the economics of cybercrime. We hope you can join us in that mission. 
As lead of the product security organization, this role is responsible for implementing, managing and improving the security controls that protect HUMAN's products.

What you will do:

  • Serve as evangelist for the security SDLC. This includes security requirements, threat modeling, security testing, penetration testing, and identifying and fixing vulnerabilities in software and applications on all business unit products.
  • Collaborate with DevOps and systems teams on security architecture designs and establish programs to enable continuous security posture improvements. 
  • Conduct complete lifecycle security architecture and technical assessments for a wide range of products
  • Provide guidance and leadership to product owners and engineers on secure development best practices.
  • Implement and maintain common application security tools (SAST, DAST, SCA, vulnerability and configuration scanners) through automation. Create accompanying processes to facilitate ownership throughout the development organization.
  • Manage and assist teams in the remediation of security vulnerabilities in accordance with defined service level agreements.
  • Provide expert-level operational support for security escalations from customers
  • Identify metrics and KPIs for the application security program and provide updates to various levels of corporate and business unit leadership
  • Support product teams to develop and maintain security certifications such as SOC 2 and ISO 27001.
  • Collaborate cross-functionally to establish and maintain product security policies and procedures
  • Support commercial teams by building customer trust in the security of Human Security products

Who you are:

  • 5+ years of product security experience
  • Demonstrated expertise in product/application security architecture, network security, application security, web services.
  • Experience with SAST, DAST, SCA and penetration testing tools.
  • Able to deliver pragmatic approaches to security risks while minding the business requirements
  • In-depth experience identifying and protecting against web application and web service security vulnerabilities, including those found in the OWASP Top 10.
  • Prior experience building application security within cloud-based infrastructure stacks 
  • Knowledge of secure architectures, application architectures, encryption, Cloud Security, and broader security technologies.

Life at HUMAN

HUMAN prides itself on being an equal opportunity workplace. We firmly believe in putting people first regardless of who you are, where you come from, how you identify, or who your favorite robot is. We are on a mission to safeguard the internet for everyone, so we welcome all individuals to share their unique experiences and perspectives as we fight against cybercrime together.
With Humans located in all parts of the world, we’ve fully embraced our diversity of thought and are always looking for innovative ways to connect with one another - even in virtual reality! Although New York City is our HQ, with teams in Tel Aviv, London, Victoria, San Mateo, Miami, and Virginia, we trust our Humans in choosing where they work and how they work. The benefits package we provide reflects our remote-first culture and our commitment to our Humans’ personal career development, which includes annual stipends for home office setup, wellbeing, and learning & development. We also offer weekly lunches, flexible time off, no-meeting Fridays, HUMAN days, sabbatical programs, and so much more.
We’re constantly trying to anticipate the needs of our Humans to ensure each one of us is equally prepared to do some of the best work of our life. Taking care of one another is part of the HUMAN experience and how we build true HUMAN connections.
If you are an individual with a disability or special need that requires accommodation, please contact us directly.

Tags: Application security Automation Cloud Cyber crime DAST DevOps Encryption ISO 27001 KPIs Network security OWASP Pentesting Product security R&D SAST SDLC SOC 2 Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Home office stipend Lunch / meals

Region: North America
Country: United States
Category: Leadership Jobs
