Lead Cybersecurity Engineer

At PitchBook, we are always looking forward. We continue to innovate, evolve and invest in ourselves to bring out the best in everyone. We’re deeply collaborative and thrive on the excitement, energy and fun that reverberates throughout the company. 

Our extensive mentorship, education and training programs help us create a culture of curiosity that pushes us to always find new solutions and better ways of doing things. The combination of a rapidly evolving industry and our high ambitions means there’s going to be some ambiguity along the way, but we excel when we challenge ourselves. We’re willing to take risks, fail fast and do it all over again in the pursuit of excellence.

If you have a good attitude and are willing to roll up your sleeves to get things done, PitchBook is the place for you. 

About the Role:

As the Lead Cybersecurity Engineer in PitchBook’s engineering division, you will oversee the execution and management of security and technical delivery for PitchBook’s suite of products and data platforms in support of key business objectives. You will report to the Director of Product Security and provide guidance to the cybersecurity engineering team with product engineers and product management. Your impact will cover hundreds of global employees to protect PitchBook data assets and information systems from the growing global threat landscape while providing cyber risk management for PitchBook’s mission and customers.

This role will be key to developing and overseeing application security standards and requirements development. Your ability to collaborate with colleagues, provide leadership in a matrix-style structure and level up junior engineers will be critical to your success. You will solicit feedback, engage others with empathy and help create a culture of belonging, teamwork and purpose. 

Primary Job Responsibilities:

• Advise on the secure design of product and application architecture
• As a strong hands-on person in the team, you will be able to produce and approve code to perform security automation and tool development to enhance the security of PitchBook infrastructure
• Perform Threat Modeling, assess and document product risks and/or application designs
• Participate in expanding/maturing the secure development program
• Work with product teams and shared services to determine appropriate scanning cadence based on risk
• Develop and maintain checklists and working aides for secure development
• Design solution blueprints that meet the security needs of the system
• Approve security guidance and training materials provided to development teams
• Provide input to security risk impact assessment
• Approve architecture change proposals from a security perspective
• Be a key advisor to the overall strategy and roadmap of the Product Security Program
• Lead the Product Security Incident Response Team (PSIRT) at PitchBook

Skills and Qualifications:

• Bachelor’s degree with 10+ years of experience in cloud application security
• 6-8 years of Technical Product Security related experience, including threat modeling and attack surface analysis
• Proven track record of solving complex Product Security issues and protecting products using a risk-based approach
• Extensive knowledge of the current Product Security threat landscape and industry best practices
• Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of secure development process
• Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX and GDPR from a Product Security standpoint
• Experience working in Agile development with experience in the following technologies:
  • Containers (Docker, Kubernetes, or similar)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  • Continuous integration (Jenkins, Bamboo, Hudson, or similar)
  • Integration of security testing tools into pipeline
  • Application security testing tools (SAST, DAST, IAST, SCA, or similar)
• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security
• Certifications such as CISSP, CISSP-ISSAP, CSSLP, OSCP, GSEC

Benefits at PitchBook:

Physical Health            

• Comprehensive health benefits
• Additional medical wellness incentives 
• STD, LTD, AD&D and life insurance

Emotional Health 

• Paid sabbatical program after four years
• Paid family and paternity leave 
• Annual educational stipend
• Ability to apply for tuition reimbursement
• CFA exam stipend 
• Robust training programs on industry and soft skills 
• Employee assistance program
• Generous allotment of vacation days, sick days and volunteer days 

Social Health 

• Matching gifts program
• Employee resource groups
• Subsidized emergency childcare  
• Dependent Care FSA
• Company-wide events
• Employee referral bonus program  
• Quarterly team building events

Financial Health 

• 401k match
• Shared ownership employee stock program 
• Monthly transportation stipend  

*Please be aware the above PitchBook benefit and perk offerings are subject to corresponding plan and policy documents and may change during the course of your employment.

Life At PB:

We are consistently recognized as a Best Place to Work and our culture is at the heart of our success. It’s our fundamental belief that people do and create great things and that people are the cornerstone of prosperity. We believe that proactively seeking out different points of view, listening to others, learning and reflecting on what we’ve heard creates a sense of belonging within PitchBook and strengthens the PitchBook community.

We are excited to get to know you and your background. Concerned that you might not meet every requirement? We encourage you to still apply as you might be the right candidate for the role or other roles at PitchBook.

#LI-BL1