At Netlify, we're building a platform to empower web developers to build better, more elaborate web projects than ever before. We're aiming to change the landscape of modern web development. Netlify currently serves more than 800,000 developers worldwide.
We recently raised $53M in Series C funding to bring forward the next generation of tooling for a more accessible web. This round was led by EQT Ventures with participation from existing investors Andreessen Horowitz & Kleiner Perkins. This brings Netlify’s total funding raised to $107M to date. Other past investors include Bloomberg Beta, Designer Fund, and Tank Hill Ventures, as well as the founders of Figma, GitHub, Slack and Yelp.
Netlify is a diverse group of incredible talent from all over the world. We’re ~44% women or non-binary, and are composed of about half as many nationalities as we are team members.
About the Opportunity
The mission of Netlify's security team is to secure our assets for the future. As a founding member of our team, you’ll be reporting directly to the Director of Security and will be dedicated to managing all of our compliance and audit needs for the organization. You’ll be hands-on with SOC 2 and PCI audits, in addition to owning all questionnaires and risk and vendor assessments. As the owner of all security compliance needs, you’ll be partnering with various business owners, building long-term partnerships throughout sales and engineering, and driving continual process improvements. Through your work, you’ll be impacting how we serve our clients for years to come. If you’ve worked in-house as a Security Analyst or have experience with a broader consulting team, we want to hear from you!
As a remote-first company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Netlify is the type of company where you can balance great work with great life. Our team is biased towards asynchronous planning and communication, meaning fewer meetings and more execution. We take documentation seriously and place our values of transparency, empowerment, and commitment at the forefront of everything we do. We’re driven by passion and we make sure that everyone on the team knows their value, feels ownership over their work, and can quickly see the impact of their efforts. Beyond just hiring smart, empathetic team members, we foster a culture where there are no dumb questions and our team can get access to the resources that they need to continue to learn.
What You'll Bring:
- A history of executing audits of a company’s IT environment that meet various frameworks and standards, such as SOC Trust Service Criteria, PCI and ISO 27001, in addition to prior exposure to building processes that meet privacy regulations such as GDPR and CCPA.
- A breadth of experience in performing IT controls testing and developing recommendations based on confirmed observations.
- Significant experience performing audit activities with process and control owners as well as external auditors. It is a bonus if you've had experience as an IT auditor with a “Big Four” or technology company.
- Prior exposure working with engineering teams and familiarity with the software development lifecycle, in addition to a solid understanding of access control and change management within various cloud providers (AWS, Azure, GCP, etc).
- A high level of comfort working with process and control owners to help them understand the audit results, identify remediation options, and prioritize their closure.
- Experience in addressing customer inquiries about our security posture.
- Strong analytical and problem-solving skills and the ability to think outside the box.
- Ability to collaborate with both internal and external stakeholders.
- Lead by example, seek to understand through active listening and questioning, actively address problems you identify, and assume responsibility for your work.
- The ability to work business hours within PST > EST time zones.
Within 1 month, you’ll:
- Begin the journey of understanding the complexities around our business, customer, and security needs. We believe strongly that it’s essential for you to take the time to become familiar with our space & how we operate!
- Have one-on-ones with some of the people that you’ll be working closely with, including members of the Security and engineering teams.
- Begin to partner with our Director of Security by jumping in to help with the existing audits in-process. You’ll present first-time observations about the team, tools, processes, and growth opportunities.
Within 3 months, you’ll:
- Partner with our manager to align your goals and passions with projects on the team roadmap.
- Establish strong async communication rhythms with your peers and leaders, practicing transparency and visibility in your progress against areas of focus.
- Partner closely with external auditors to manage processes, and work closely with the Security Team to identify security gaps as reported by internal and external customers.
- Assist various teams in assessing security impact on changes to their systems and applications.
- Identify opportunities for improvement and define a plan for how to solve any gaps.
Within 6 months, you’ll:
- Elevate the work of the team and become a subject matter expert in compliance and risk needs. You’ll oversee all process improvement related to compliance and will be responding to customer inquiries and questionnaires related to the company’s security processes.
- Demonstrate ability to organize around multiple ongoing streams of work.
- Fortify relationships with cross functional players across the organization.
- Own the development of the appropriate security documentation, including system security plan, information security policy and risk assessment procedure.
- Solicit feedback from your peers across departments and support your team through thoughtful feedback.
Within 12 months, you’ll:
- Have attended a conference with our training budget to help expand your knowledge base.
- Coach and mentor other team members within Netlify's security team.
- Have ownership over all risk and compliance needs for internal and external customers. As we continue to grow, you’ll have the ability to manage all future processes and help us continue to expand our team and offerings.
At Netlify, we are a growing company that is constantly evolving so this timeline is intended to show you an example of what you can expect from the role. Keep in mind we're always iterating, learning, and growing, thus expect these guidelines to continue to evolve as we expand. We're excited for you to join us on the journey!
Of everything we've ever built at Netlify, we are most proud of our team.
We believe that empowered, engaged colleagues do their best work. We’ll be giving you the tools you need to succeed and looking to you for suggestions to improve not just in your daily job, but every aspect of building a company. Whether you work from our main office in San Francisco or you are a remote employee, we’ll be working together a lot: pairing, collaborating, debating, and learning. We want you to succeed! About 70% of the company is remote across the globe; the rest are in our HQ in San Francisco.
To learn a bit more about our team and who we are, make sure to visit our about page.
Not sure you meet 100% of our qualifications? Please apply anyway!
When applying please include: A resume or short listing of your job history & skills. (A link to a LinkedIn profile would be fine). A cover letter explaining why you would enjoy working in this role and why you’d like to work at Netlify would be great, though not required & will not impact your application. When we receive your application we’ll get back to you about the next steps.
Netlify is an Equal Opportunity Employer. We are devoted to building a team of people with diverse backgrounds and lifestyles. We believe that the unique contributions of all Netlifolks are the driver of our success. We are all responsible for bringing on people from all walks of life. Driving equality empowers our team, enables us to innovate, and helps us maintain a more inclusive environment. We don’t discriminate against employees or applicants based on gender identity or expression, sexual orientation, religion, age, race, military/veteran status, citizenship, pregnancy status, or any other differences. If we can do anything to provide a better interview, i.e. accommodate a disability, then please let us know.