Responsibilities:

• Lead a Product Security Engineering team in technical reviews and platform based security models.
  
   
• Perform workforce management such as hire, develop, encourage, and lead a talented team of cyber security engineers and developers in implementing engineering InfoSec solutions. 
  
   
• Serve as team project manager, utilizing Agile methodology to run sprints; initiate, track, and assist as necessary to ensure successful completion of deliverables.
  
   
• Resources management:  Determine and manage resources needs and risk impacting the group, team priorities, and roadmap communicates and partners with InfoSec leaders.
  
   
• Research and Develop Product Security standards from API to Infrastructure level technologies
  
   
• Partner closely with Product, Engineering and Information Security teams to guide product and feature roadmaps to ensure security and compliance objectives are achieved
  
   
• Guide product and engineering teams in performing security design reviews and threat modeling of proposed products and feature releases
  
   
• Analyze and harden existing applications, infrastructure, automation, and deployment processes
  
   
• Integrate and/or build security tools for integration in the CI/CD and build processes and work with development teams to mitigate findings
  
   
• Work with development teams, operations, governance, and other stakeholders to document security guidance, processes and standards for Rubrik products and services
  
   
• Coordinating penetration testing / bug bounty programs and assisting with remediation
  
   
• Coordinate with security researcher community for submitted vulnerabilities and issues
  
   

Ideal Background:

• Bachelor’s degree required; BS or MS in Computer Science, Information Technology, or a related field
  
   
• 7-10+ years’ experience in product security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing
  
   
• 4+ years direct people management experience, including supervisory experience
  
   
• Knowledge of regulatory guidelines and standards such as SOC2, ISO 27001, FedRAMP, etc
  
   
• Broad knowledge of web, application, and cloud attack vectors and exploits
  
   
• Comprehension in multiple programming languages (Python, Go, Scala, C/C++, Javascript/Typescript)
  
   
• Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
  
   
• Experience with deploying and securing SaaS applications and cloud environments at scale
  
   
• Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices
  
   
• Understanding of product security maturity model frameworks and how to apply them
  
   
• Team player, ability to establish priorities, deal with conflicts, work independently, proceed with objectives and can-do attitude
  
   
• A self-starter with excellent critical thinking and problem solving skills
  
   
• Strong written and verbal communication skills