At SecurityScorecard, we are revolutionizing the cyber security industry, and we want YOU to be part of the change! Our SaaS products have created a new category of enterprise software, which companies worldwide rely on to manage the cyber security posture of their vendors.
Backed by Sequoia and Google Ventures, we are growing tremendously year over year. As we scale, so does our need for talent - if you are intellectually curious and excited by the idea of contributing to a high-growth startup, we’d love to talk to you!
About the role
The Lead Security Engineer is responsible for the overall direction of all Information Technology Security at SecurityScorecard. He/she works closely with the technology organization and must have strong working knowledge of information technology. This position will be responsible for establishing and maintaining a culture of compliance and will work directly with the operations, engineering, financial, and executive teams at SecurityScorecard to adopt best practices designed to protect the organization and its assets. This is a hands-on role and will not have any direct reports.
- Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security, particularly as they relate to the web application environment
- Provide education and training of all staff related to best practices and current regulation related to security
- Create and enforce required or best practice policies, as appropriate, to support a world-class secure infrastructure
- Implement security-related system changes and process changes
- Serve as primary point of contact for all external audits
- Manage all ongoing assessments and continual audits of infrastructure to ensure no breaches exist
- Enforce standards through clear and well-communicated guidelines
- Conduct internal monitoring and auditing
- Conduct regular risk assessments and response plans
- Ensure that all security procedures are in place and maintained
- Evaluate and manage third parties to continually test and expose vulnerabilities
Required Skills & Qualifications:
- 5 years of experience in information security or a related field
- At least 3 years of experience as a software engineer or systems administrator with responsibility for highly sensitive data
- Expert level knowledge of modern tools and systems to protect sensitive data
- Strong communication skills and track record of working with engineering and auditors to truly protect sensitive data