- Security vision, strategy and execution including work forecasting.
- Understanding, owning and reducing information risk and security, including driving a strong culture of information security.
- Introducing, implementing and maintaining industry security frameworks
- Vulnerability and risk identification, mitigation and removal.
- Lead security incident response and investigation efforts
- Engendering a passionate culture of sustained innovation in which people are producing the best work of their career.
- Engender the 'Go-Live!' culture whilst balancing this with an investment into the longer-term roadmap/vision.
- Both hands-on and high-level guidance. Be able to work at the code face and network layer but also own and drive solid security-principles-based architecture.
- Former security experience working in software development/engineering environments (GitHub, GitHub Actions and BuildKite CI/CD)
- Familiar with container-based development, runtimes and tooling (Docker, Kubernetes, Google Kubernetes Engine and Helm)
- A deep understanding of OWASP top 10 and Web Application Security
- Strong experience maintaining and complying with governance frameworks such as NIST CSF, ISO27001 and SOC2
- Deep understanding of compliance and regulatory requirements such as The Privacy Act, GDPR, CCPA and CDR
- Strong experience with threat modeling activities and threat modeling frameworks (MITRE ATT&CK, CVSS and/or STRIDE)
- Deep understanding and mastery of computer networking and operating systems on a technical level (Linux, Windows and macOS)
- Experience performing and supporting web application security and penetration testing activities, and familiarity with common tooling such as Burp Suite, Tenable, SonarQube, etc.
- Background and experience managing DLP (Data Loss Prevention) solutions and policies
- Experience creating and maintaining an SSDLC (Secure Systems Development Lifecycle) framework
- Familiar with common security and vulnerability scanning tools and infrastructure SaaS/PaaS solutions (Lacework, Tenable.io, CrowdStrike, Abnormal, (DLP) and Datadog)
- Experience working with platform and cloud infrastructure (AWS and GCP).
- Demonstrable commercial acumen
- Experience in successfully establishing a culture of security that leads to a genuine competitive advantage.
To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible. Email talent@finder.com with any questions or feedback.