Security Engineering Manager
Remote - U.S.
Applications have closed
Ginger
Headspace can support any team, of any size, at any time through EAP, coaching, therapy, psychiatry services, meditation & mindfulness.
--
Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter!
--
Role & Responsibilities
The Security Engineer Manager will be a thoughtful leader of the technical team responsible for worldwide cloud infrastructure and application security at Headspace. You will help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data such as user and customer information. You work hands-on with cloud infrastructure and actively monitor the Headspace systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities. You will use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues. Beyond the methodologies and tools, it is important for you to drive a culture of security and develop an attacker's mind-set.
This individual will also work closely with the engineering, product, customer success and sales teams, as well as internal and external auditors to promote security and compliance best practices. The position will also act as a technical resource across the larger organization and external partners.
Essential Job Functions
- Use your leadership skills to manage a team that sets the direction and goals for overall security and privacy controls.
- Help identify fundamental security problems and drive major security improvements in the infrastructure and applications.
- Interact closely with other cyber security architects, privacy officers, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements.
- Review webapp and mobile code for security vulnerabilities and propose fixes to the development team.
- Ensure product security via static and dynamic scanning of applications and automation into the integration and deployment pipelines.
- Promote Infrastructure-as-Code and the benefits of resilience, consistency, and rapid iteration of the infrastructure security posture.
- Manage the maturity of the serverless and containerization approach to infrastructure.
- Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all the compliance requirements.
- Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace stack. Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over effectiveness of controls.
- Conduct ad-hoc security architecture/application reviews to assess new risks, manage penetration testing researcher relationships, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.
Requirements
- BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Math)
- 5+ years of relevant experience in architecting security solutions and in-depth knowledge of security protocols/tools, and automation in a regulated industry such as healthcare, banking or financial services.
- Experience leading a high-performing team. Ability to connect your team with business context. You love building diverse, inclusive, and high-performing teams and excel at maintaining healthy cross-functional relationships.
- Strong knowledge and understanding of common web and mobile vulnerabilities and mitigations including OWASP Top 10, Content Security Policy (CSP) and the MITRE ATT&CK framework.
- Experience building and deploying applications using cloud infrastructure on AWS using modern serverless and container technologies.
- Experience configuring and monitoring AWS Security artifacts such as WAF, ALB/ELB, GuardDuty, SSM, Config, CloudTrail, CloudWatch, Inspector, Detective among others.
- Hands-on experience with Static and Dynamic vulnerability scanning tools such as SonarQube, Qualys, Rapid7 Appsec, among others.
- Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle.
- Experience scripting in Python, JavaScript and Shell, and in mobile app development with iOS, Android and hybrid technologies such as Flutter.
- Familiarity with one or more industry security compliance frameworks and/or regulations such as ISO 27001/2, PCI-DSS, HIPAA, GDPR, FedRAMP, CIS, HITRUST, SSAE16, SOC 1, SOC 2, International Privacy Requirements including EU Privacy and Safe Harbor.
- Attention to detail and a thorough approach to problem-solving.
- Ability to efficiently handle ambiguity and appropriately prioritize competing projects.
- Ability to work autonomously on multiple projects with a geographically distributed team.
- Strong written and verbal communication skills.
Preferred Qualifications
- CISSP, CISM certifications.
- AWS Solutions Architect certification.
- Certified Ethical Hacker and/or OSCP certification.
--
How we feel about Diversity & Inclusion: Headspace Health is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace.
*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.
Tags: Agile, Android, Application security, Automation, AWS, Banking, CISM, CISSP, Cloud, Compliance, FedRAMP, GDPR, HIPAA, HITRUST, iOS, ISO 27001, JavaScript, MITRE ATT&CK, Monitoring, OSCP, OWASP, Pentesting, Privacy, Product security, Python, Qualys, Scripting, SOC 1, SOC 2, SonarQube, STEM, Vulnerabilities
Perks/benefits: Health care