Security Engineering Manager

--

Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter! 

--

Security Engineering Manager

Role & Responsibilities

The Security Engineer Manager will be a thoughtful leader of the technical team responsible for worldwide cloud infrastructure and application security at Headspace. You will help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data such as user and customer information. You work hands-on with cloud infrastructure and actively monitor the Headspace systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities. You will use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues. Beyond the methodologies and tools, it is important for you to drive a culture of security and develop an attacker's mind-set. 

This individual will also work closely with the engineering, product, customer success and sales teams, as well as internal and external auditors to promote security and compliance best practices. The position will also act as a technical resource across the larger organization and external partners. 

Essential Job Functions

• Use your leadership skills to manage a team that sets the direction and goals for overall security and privacy controls. 
• Help identify fundamental security problems and drive major security improvements in the infrastructure and applications.
• Interact closely with other cyber security architects, privacy officers, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
• Review webapp and mobile code for security vulnerabilities and propose fixes to the development team.
• Ensure product security via static and dynamic scanning of applications and automation into the integration and deployment pipelines.
• Promote Infrastructure-as-Code and the benefits of resilience, consistency, and rapid iteration of the infrastructure security posture.
• Manage the maturity of the serverless and containerization approach to infrastructure.
• Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements.
• Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over effectiveness of controls.
• Conduct ad-hoc security architecture/application reviews to assess new risks, manage penetration testing researcher relationships, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.

Requirements

• BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
• 5+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in a regulated industry such as healthcare, banking or financial services.
• Experience leading a high-performing team. Ability to connect your team with business context. You love building diverse, inclusive, and high-performing teams and excel at maintaining healthy cross-functional relationships.
• Strong knowledge and understanding of common web and mobile vulnerabilities and mitigations including OWASP Top 10, Content Security Policy (CSP) and the MITRE ATT&CK framework.
• Experience building and deploying applications using cloud infrastructure on AWS using modern serverless and container technologies.
• Experience configuring and monitoring AWS Security artifacts  such as WAF, ALB/ELB, Guard Duty, SSM, Config, CloudTrail, CloudWatch, Inspector, Detective among others.
• Hand-on experience with Static and Dynamic vulnerability scanning tools such as SonarQube, Qualys, Rapid7 Appsec, among others.
• Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle.
• Experience in scripting Python, Javascript, Shell programming and mobile app development with iOS, Android and hybrid technologies such as Flutter.
• Familiarity with one or more industry security compliance frameworks and/or regulations  such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, CIS, HITRUST, SSAE16, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor.
• Attention to detail and a thorough approach to problem-solving.
• Ability to efficiently handle ambiguity and appropriately prioritize competing projects.
• Ability to work autonomously on multiple projects with a geographically distributed team.
• Strong written and verbal communication skills.

Preferred Qualifications

• CISSP, CISM certifications.

• AWS Solutions Architect certification.

• Certified Ethical Hacker and/or OSCP certification.

--

How we feel about Diversity & Inclusion:   Headspace Health is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.    *Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.