Lead Cybersecurity Engineer
Seattle, Washington, United States
Applications have closed
PitchBook Data
PitchBook provides the best private market data through the PitchBook Platform, a suite of award-winning software applications. Learn more now!
At PitchBook, we are always looking forward. We continue to innovate, evolve and invest in ourselves to bring out the best in everyone. We’re deeply collaborative and thrive on the excitement, energy and fun that reverberates throughout the company.
Our extensive mentorship, education and training programs help us create a culture of curiosity that pushes us to always find new solutions and better ways of doing things. The combination of a rapidly evolving industry and our high ambitions means there’s going to be some ambiguity along the way, but we excel when we challenge ourselves. We’re willing to take risks, fail fast and do it all over again in the pursuit of excellence.
If you have a good attitude and are willing to roll up your sleeves to get things done, PitchBook is the place for you.
About the Role:
As the Lead Cybersecurity Engineer in PitchBook’s engineering division, you will oversee the execution and management of security and technical delivery for PitchBook’s suite of products and data platforms in support of key business objectives. You will report to the Director of Product Security and provide guidance to the cybersecurity engineering team with product engineers and product management. Your impact will cover hundreds of global employees to protect PitchBook data assets and information systems from the growing global threat landscape while providing cyber risk management for PitchBook’s mission and customers.
This role will be key to developing and overseeing application security standards and requirements development. Your ability to collaborate with colleagues, provide leadership in a matrix-style structure and level up junior engineers will be critical to your success. You will solicit feedback, engage others with empathy and help create a culture of belonging, teamwork and purpose.
Primary Job Responsibilities:
- Advise on the secure design of product and application architecture
- As a strong hands-on member of the team, produce and approve code for security automation and tool development to enhance the security of PitchBook infrastructure
- Perform Threat Modeling, assess and document product risks and/or application designs
- Participate in expanding/maturing the secure development program
- Work with product teams and shared services to determine appropriate scanning cadence based on risk
- Develop and maintain checklists and working aids for secure development
- Design solution blueprints that meet the security needs of the system
- Approve security guidance and training materials provided to development teams
- Provide input to security risk impact assessment
- Approve architecture change proposals from a security perspective
- Be a key advisor to the overall strategy and roadmap of the Product Security Program
- Lead the Product Security Incident Response Team (PSIRT) at PitchBook
Skills and Qualifications:
- Bachelor’s degree with 10+ years of experience in cloud application security
- 6-8 years of Technical Product Security related experience, including threat modeling and attack surface analysis
- Proven track record of solving complex Product Security issues and protecting products using a risk-based approach
- Extensive knowledge of the current Product Security threat landscape and industry best practices
- Extensive experience performing Threat Modeling and Product Security design reviews and incorporating them as part of the secure development process
- Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX and GDPR from a Product Security standpoint
- Experience working in Agile development with experience in the following technologies:
  - Containers (Docker, Kubernetes, or similar)
  - Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  - Continuous integration (Jenkins, Bamboo, Hudson, or similar)
  - Integration of security testing tools into pipeline
  - Application security testing tools (SAST, DAST, IAST, SCA, or similar)
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security
- Certifications such as CISSP, CISSP-ISSAP, CSSLP, OSCP, GSEC
Benefits at PitchBook:
Physical Health
- Comprehensive health benefits
- Additional medical wellness incentives
- STD, LTD, AD&D and life insurance
Emotional Health
- Paid sabbatical program after four years
- Paid family and paternity leave
- Annual educational stipend
- Ability to apply for tuition reimbursement
- CFA exam stipend
- Robust training programs on industry and soft skills
- Employee assistance program
- Generous allotment of vacation days, sick days and volunteer days
Social Health
- Matching gifts program
- Employee resource groups
- Subsidized emergency childcare
- Dependent Care FSA
- Company-wide events
- Employee referral bonus program
- Quarterly team building events
Financial Health
- 401k match
- Shared ownership employee stock program
- Monthly transportation stipend
*Please be aware the above PitchBook benefit and perk offerings are subject to corresponding plan and policy documents and may change during the course of your employment.
Life At PB:
We are consistently recognized as a Best Place to Work and our culture is at the heart of our success. It’s our fundamental belief that people do and create great things and that people are the cornerstone of prosperity. We believe that proactively seeking out different points of view, listening to others, learning and reflecting on what we’ve heard creates a sense of belonging within PitchBook and strengthens the PitchBook community.
We are excited to get to know you and your background. Concerned that you might not meet every requirement? We encourage you to still apply as you might be the right candidate for the role or other roles at PitchBook.
Tags: Agile Ansible Application security Automation CISSP Cloud Compliance DAST Docker FedRAMP GDPR GSEC IAST Incident response ISO 27001 Kubernetes OSCP Product security PSIRT Risk management SAST SOC 2 Strategy Terraform
Perks/benefits: 401(k) matching Career development Health care Medical leave Paid sabbatical Salary bonus Team events Wellness