"The front page of the internet,” Reddit brings over 500 million people together each month through their common interests, inviting them to share, vote, comment, and create across thousands of communities. Come for the cats, stay for the empathy.
The Reddit Security team is rapidly developing and this is an opportunity to get in and have an outsized impact on a highly skilled and motivated team. We look for humble experts with a relentlessly resourceful and entrepreneurial, “can do” view of security. We want to deliver facts and not FUD to the business to enable them to manage risk more effectively. Culture is important to us and a learning and developing mentality is vital regardless of the work assigned.
The Director of Engineering, Security reports directly to our CISO and plays a critical role in strengthening Reddit’s approach to security within our modern cloud technology stack, applications, and vendors. Managing and growing a team of infrastructure, application and operational security experts to protect the integrity of the site and the data of Reddit’s users, advertisers and employees is the core mission.
This Director will be both a builder and a strategic leader. They will be responsible for everything from designing and implementing the fundamentals of a modern security program at scale, to articulating and maintaining the overall security posture of the platform and organization. They will be responsible for building a team that will be primarily focused on infrastructure hardening, detection & response, application security, risk assessments, and modern infrastructure DevSecOps.
Reddit is looking for someone with extensive experience building collaborative security teams in a fast-growing environment, comfortable in dealing with lots of moving pieces, and comfortable learning new technologies. Most importantly, you should be enthusiastic about working with stakeholders and teams that include people with a variety of backgrounds, roles, and needs.
- Has proficiently implemented world class programs for AppSec, InfoSec, GRC, and CorpSec, keeping data safe for the company’s assets as well as employees and customers. In order to better the overall security posture they will maintain a passion around effective detection and monitoring throughout Reddit’s corporate and production environments.
- The role will have worked in environments with distributed cloud computing architectures and deep knowledge of their associated security designs and challenges (specifically AWS and GCP).
- They will have experience working with engineering and infrastructure teams to scope, enable, and implement the systems behind advanced analytic and response capabilities.
- Has experience creating and driving an overall security posture throughout an organization. Must be able to identify current needs, anticipate future needs, articulate risk and put together a balanced security plan based on business risk. This will require excellent communication skills, including the ability to convey complex security related concepts to technical and nontechnical audiences alike.
- Can determine staffing requirements, recruit, hire and manage the overall security organization.
- Will be instrumental in ensuring regulatory compliance of the current stack, inclusive of PCI, GDPR, and CCPA, as well as pave the way for ensuring SOX compliance in the coming years.
- Humble expert with a sense of urgency
- Skilled at taking complex topics and making them simple
- Transparent judgment and stands behind their decisions, right or wrong
- Team focus with an ability to lead in a matrixed organization
- Thrives in complex, high-scale environments
- Empathy for teammates and customers