Distinguished Security Engineer

Location Details: 

At GoDaddy the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely.

This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or offsites.

This position is not eligible to be performed in Alaska, Colorado, Mississippi, North Dakota, or the Virgin Islands.

What you'll get to do...

A Distinguished Security Engineer in GoDaddy's Information Security division, leads all aspects in driving and establishing our multi-year security strategy, integrating security into our business units across our company. This role has core accountability in driving vital initiatives, as we integrate security into our Software Development Process, end-to-end, within GoDaddy’s Commerce business division.

• Establish dedicated cyber security capabilities required to ensure security of GoDaddy’s commerce solutions, including, but not limited to security of payment systems, infrastructure, and devices
• Develop, coach, and mentor a team of engineers and growth leaders, while coordinating closely with product/program managers, other engineering leaders and business partners
• Coordinate enterprise security strategy to integrate security capabilities into software/system development lifecycle to support the business
• Operationalize Design Reviews, SAST, DAST and other capabilities required to scale security reviews across the organization
• Assess offensive security capabilities required to pro-actively assess security posture of systems and drive remediation
• Implement agile, business coordinated security certification program to enable business while ensuring security is a core part of product design and development
• Drive program management activities required to establish effective delivery and execution of SSDLC activities
• Identify security standards and requirements for embracing new and emerging technologies and platforms
• Partner with business collaborators to help define and prioritize security initiatives and investments
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities
• Operationalize continuous testing and validation of security controls
• Partner internally and externally with our audit teams to drive gap assessments, cyber security and other audit requirements to support the organization
• Partner closely with Finance, Operation, IT, executive management, and key product leaders to build a shared vision
• Collaborate with business partners to define and prioritize security initiatives and investments

Your experience should include...

• 10+ years’ validated experience in cyber security engineering with focus on secure design and development
• Prior experience defining security strategy, goals and targets
• Experience in security across the payments industry
• Hands on expertise in hardware and device security including, trusted computing, trusted execution environment, tamper detection and response, etc
• Able to build and secure payment systems and platforms
• Expertise in applied cryptography, hardware security modules (HSM) with understanding of FIPS 140 requirements and standards for cryptography modules that include both hardware and software components
• Validated experience architecting and securely deploying large scale systems in public cloud (AWS) infrastructure
• Experience driving and supporting security audits and certifications including PCI DSS, PCI PTS and SOC 2
• Confirmed experience integrating security capabilities into business units to drive and address business specific challenges
• Knowledgeable in threat modeling or other risk identification techniques, and risk management
• Ability to lead and perform offensive security testing including penetration testing and red team exercises
• Familiar with a fast-paced environment with minimal process and maximum efficiency
• Owned project delivery for large, multi-functional projects with evolving requirements
• A mentor and leader to other managers and security engineers, while building and maintaining high agility and high morale
• Excellent written and verbal technical communication with an ability to present sophisticated technical information in a clear and concise manner to a variety of audiences

You might also have...

• Bachelor’s degree in information security, Computer Science or related field
• Master’s in information security
• Strong project management experience desired for working on multi-functional projects

We've got your back... Enjoy our many benefits (My Wallet), which may vary depending on role and tenure, including paid time off, 401k, bonus eligibility, equity grants and parental leave. Join one of our employee resource groups (Culture). Once approved, continue to have a side hustle if you have one (we love entrepreneurs, remember?). Most importantly, come as you are and make your own way.

About us... GoDaddy is empowering everyday entrepreneurs around the world by providing all of the help and tools to succeed online. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights and the people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us (https://aboutus.godaddy.net/about-us/overview/default.aspx.) 

GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, creed, sex, sexual orientation, gender, gender identity or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.

If you need help completing an application for a position with GoDaddy, please reach out to our Recruiting Team at myrecruiter@godaddy.com.

 GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.