Responsibilities:

• Lead a Product Security Engineering team in technical reviews and platform based security models.

   

• Perform workforce management such as hire, develop, encourage, and lead a talented team of cyber security engineers and developers in implementing engineering InfoSec solutions. 

   

• Serve as team project manager, utilizing Agile methodology to run sprints; initiate, track, and assist as necessary to ensure successful completion of deliverables.

   

• Resources management:  Determine and manage resources needs and risk impacting the group, team priorities, and roadmap communicates and partners with InfoSec leaders.

   

• Research and Develop Product Security standards from API to Infrastructure level technologies

   

• Partner closely with Product, Engineering and Information Security teams to guide product and feature roadmaps to ensure security and compliance objectives are achieved

   

• Guide product and engineering teams in performing security design reviews and threat modeling of proposed products and feature releases

   

• Analyze and harden existing applications, infrastructure, automation, and deployment processes

   

• Integrate and/or build security tools for integration in the CI/CD and build processes and work with development teams to mitigate findings

   

• Work with development teams, operations, governance, and other stakeholders to document security guidance, processes and standards for Rubrik products and services

   

• Coordinating penetration testing / bug bounty programs and assisting with remediation

   

• Coordinate with security researcher community for submitted vulnerabilities and issues

   

Ideal Background:

• Bachelor’s degree required; BS or MS in Computer Science, Information Technology, or a related field

   

• 7-10+ years’ experience in product security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing

   

• 4+ years direct people management experience, including supervisory experience

   

• Knowledge of regulatory guidelines and standards such as SOC2, ISO 27001, FedRAMP, etc

   

• Broad knowledge of web, application, and cloud attack vectors and exploits

   

• Comprehension in multiple programming languages (Python, Go, Scala, C/C++, Javascript/Typescript)

   

• Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)

   

• Experience with deploying and securing SaaS applications and cloud environments at scale

   

• Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices

   

• Understanding of product security maturity model frameworks and how to apply them

   

• Team player, ability to establish priorities, deal with conflicts, work independently, proceed with objectives and can-do attitude

   

• A self-starter with excellent critical thinking and problem solving skills

   

• Strong written and verbal communication skills