Application Security Engineering Manager, Platform Security - Seattle

Seattle, WA, United States

Applications have closed

Qualtrics

Know what your customers and employees need, when they need it, and deliver it every time with powerful, AI driven Experience Management (XM) software.

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.

When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that’s work worth doing.

  Why We Have This Role

As Qualtrics continues to expand the Experience Management (XM) SaaS platform, we must ensure that we’re protecting our customers and their data by building and operating secure systems. With over one thousand software & system engineers contributing to Qualtrics XM every day, we have a large attack surface to evaluate and secure. This role is critical to this mission. Qualtrics is seeking an experienced security engineer with a passion for security and demonstrated leadership abilities to manage our Application Security team. The role may also have oversight of other related areas such as infrastructure and cloud security. This is a new role reporting to the head of platform security that includes a mix of people management, hiring, strategy, program operations and hands-on security engineering responsibilities.

The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs.

Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, network security, security operations and incident response, and security assurance.

  How You’ll Find Success
  • You will define and drive improvements to the product and application security program; hire, mentor, and support a team of skilled security engineers; and work effectively with the Qualtrics engineering organization and fellow security team members to protect our customers and their data by building and operating secure systems.
  • Experience with assessing/securing large, complex SaaS applications
  • One or more relevant security certifications (CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
  • Two or more years of experience as a people manager
  • Use of agile methodologies for project management
  • Manual web application penetration testing experience, including the use of professional penetration testing tools (e.g., Burp Suite)
  • Strong familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure & technologies
  • Experience securing iOS/Android mobile apps
  • Prior full time software development experience is strongly preferred
  How You’ll Grow
  • Exercise and grow your leadership skills by providing program strategy (e.g., defining what the future of our appsec program should look like), thought leadership (e.g., influencing others across the organization to adopt new solutions which solve security problems at scale), project & program leadership (e.g., getting critical initiatives to completion), people leadership (e.g., mentoring team members to help them also grow and take on new responsibilities)
  • Continuous learning - you will have the opportunity to learn about the variety of modern technologies and frameworks being utilized or added to the Qualtrics application ecosystem so that you can ensure we are successfully securing them.
  Things You’ll Do
  • Develop and execute the product & application security architecture and program strategy; align and communicate roadmaps with stakeholders
  • Support and manage a team of security engineers through regular 1-on-1 sessions and team meetings, coaching, workload management and performance reviews
  • Review source code & software/system designs, and consult with engineers across the organization to identify and/or avoid security issues through alignment with security standards and best practices
  • Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code to propose and drive architectural improvements which address classes of security flaws in the platform
  • Document and improve secure development lifecycle processes, standards and guidelines
  • Deliver training and provide mentoring to software engineers on security topics
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made
  • Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
  • Oversee bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
  • Oversee internal purple and red team exercises to proactively evaluate Qualtrics environments for security flaws
  • Direct the selection, design, development, implementation and management of automated security testing tools; maintain relationships with product vendors and manage contract lifecycles
  What We’re Looking For On Your Resume
  • Bachelor’s degree in Computer Science or a related field
  • Over 10 years of relevant work experience
  • Experience as a senior/staff/lead security engineer in product or application security
  • Experience leading security projects and initiatives that require collaboration with teams across an organization
  • Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
  • Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)
  What You Should Know About This Team
  • We work with a wide array of modern technologies and need to scale our solutions to tens of thousands of end points, over a thousand engineers, and worldwide data centers and cloud environments
  • We emphasize establishing a career development plan and will help you to find meaningful work assignments, learning opportunities and mentorships which will aid your growth and development
  • We work closely with our peer platform security teams and enjoy coming together in person and remotely to build relationships and have fun
  Our Team’s Favorite Perks and Benefits
  • Qualtrics pays 100% of the healthcare benefit premiums for employees and their dependents.
  • Catered lunches, free snacks and drinks
  • Full time employees receive an annual experience bonus after their first year of employment. Qualtrics Experience Bonus is a program designed to provide experiences to our employees they might not otherwise have.
  • We spend 10% of our time on individual engineering growth activities every quarter
  • Quarterly book budget to continue learning and quarterly fitness budget
The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

Not finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.

For full-time positions, this pay range is for base per year; however, base pay offered may vary depending on location, job-related knowledge, education, skills, and experience. For part-time or intern positions, this pay range is for base pay per hour. A sign-on bonus and restricted stock units may be included in an employment offer, in addition to a range of medical, financial, and other benefits, based on eligibility criteria.

Washington State Pay Transparency Range: $166,000—$302,500 USD

Tags: Agile Android Application security AWS Burp Suite CEH CISM CISSP Cloud Computer Science DAST Docker Golang GPEN GWAPT GXPN IAST Incident response iOS Java Kubernetes Linux Network security Node.js OSCP OWASP Pentesting Polygraph Python Red team SaaS SAST Strategy Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex vacation Medical leave Salary bonus Signing bonus Startup environment Team events Transparency

Region: North America
Country: United States