Sr. Director, Cybersecurity

Join to apply for the Sr. Director, Cybersecurity role at BugcrowdWe are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.We seek a hands-on, technical security leader who can build security monitoring, reference architectures, deploy tools, integrate platforms, and assess modern cloud-native applications and infrastructure — and who can lead teams executing that mission successfully. You lead with an open mind, a can-do attitude, seek truth and alignment over winning arguments, and view incident response as an opportunity to learn, grow, and improve partnership across our global teams.ResponsibilitiesDefine the Cyber Security Strategy for Bugcrowd and identify improvements to the threat landscape, internal risk tolerance objectives, and/or compliance objectives.Ensure the technical aspects of vendor acquisitions and tools are safe for Bugcrowd's use, in coordination with IT and compliance teams.Assess corporate technology systems, determine strategy for changes, enhancements and improvements; implement the same from a cyber security perspective.Carry out and fulfill the cyber security strategy of Bugcrowd, proactively improving the security posture over time.Work with GRC to design, develop, implement and coordinate policies and procedures for SOC-2, NIST 800-53v4, ISO27001, ISO27018, and FedRAMP compliance.Represent Bugcrowd in internal and external audits for SOC-2, ISO27001, and ISO27018.AppSec and Product Security LeadershipManage Bugcrowd's bug bounty program, ensuring clients have a standard to aspire to when running their own bounty programs.Analyze new features prior to development or launch to ensure security measures are sufficient (security architecture and security testing).Manage access controls for Bugcrowd's production codebase (GitHub).Approve and analyze authorization requests to production data (AWS, GitHub, Tableau, etc.).Perform regular audits of Bugcrowd's cloud infrastructure and assist with architecture of cloud solutions from a security perspective.Manage and audit all vulnerability scans (internal and external) for all systems (Qualys and Nessus).Proactively test and identify issues within pull requests and production (code review and penetration testing).Automate security tasks to proactively identify and fix security issues (Python, Go, JS, Ruby).Perform configuration management across all Bugcrowd systems (IT and cloud).Perform code audits on new features and patches.Security Operations, Detection and Incident ResponsePerform incident response for all parts of the business (on-call 24x7) and conduct root cause analysis to mitigate future incidents; help form an Incident Response Plan (IRP).Conduct threat intelligence to proactively identify issues affecting Bugcrowd's security posture.Plan and implement security controls in collaboration with required teams.Monitor security controls for all systems (SIEM usage) and build a team to do the same.Perform malware analysis when required during IR.Coordinate red team engagements and implement security controls to mitigate findings.Develop security awareness materials for all roles within Bugcrowd.Assist Legal with GDPR-related issues from researchers and programs.Management and Team LeadershipConduct tabletop exercises to prepare for future threats.Assist with business continuity testing and represent technical controls in ISMS discussions.Supervisory ResponsibilityLead and manage a team of internal cybersecurity professionals.Train and grow the security team with defined, measured objectives.Support Security Leadership with delegated responsibilities and foster collaboration across the organization.Manage a team with strong attack and defense skills.Knowledge, Skills, and AbilitiesProven experience leading Cyber Security (penetration testing, red teaming, GRC, IR, secure development, and security architecture) in a startup and growing company.Excellent knowledge of technical security controls across cloud, web, infrastructure, IT, and compliance.Experience in data governance, data architecture, data flow and system architecture.Hands-on experience with penetration testing, red teaming, and security patch bypass testing.Independent work style with strong organizational and communication skills.Technical stack familiarity: Mac OS, Python, JavaScript, Ruby, Go, Java, Kotlin, Postgres, G Suite, Cisco Umbrella, Netskope, CrowdStrike, GitHub, AWS, Heroku, Cloudflare, DataDog, JAMF, etc.Familiarity with Jira is a plus.Experience with ISO27001, ISO27018, NIST 800-53v4, and SOC 2 audits is required.Degree in Computer Science, cyber security, MIS or equivalent experience desirable but not required.Willingness to work hard, learn new skills, solve problems, and integrate with the team.Willingness to support a global organization with limited staff via off-hours activity while maintaining work-life balance.Working ConditionsThe ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.Remote, work-from-home 100% of the time.ADA and EEOBugcrowd is committed to full inclusion of all qualified individuals. Reasonable accommodations are available; contact HR at ada@bugcrowd.com.Bugcrowd is an equal opportunity employer. We do not discriminate based on race, color, religion, national origin, age, sex, disability, veteran status, gender identity, or sexual orientation.CultureWe value diversity and inclusion and strive to make Bugcrowd a great place to work for all backgrounds.We may highlight that Bugcrowd values broad perspectives and aims to be a family-like environment.Legal and Application DetailsThis position may involve access to highly confidential information; background checks may be conducted as required by law. Apply at: https://www.bugcrowd.com/about/careers/Job MetadataSeniority level: DirectorEmployment type: Full-timeJob function: Information TechnologyIndustries: Computer and Network Security #J-18808-Ljbffr