Responsibilities
- leads a team of security professionals
- builds and refines security systems and processes
- implements, or drives implementation of, people, process, technical and audit controls to mitigate risk for the enterprise
- manages workload, prioritizes efforts through a business and risk lens, sets clear objectives
- develops and updates a comprehensive cybersecurity strategy
- oversees the implementation of security policies, standards, and guidelines to secure the organization
- ensures compliance with regulatory frameworks, in particular PCI and SOX, and these through a ISO/ITIL framework lens
- stay abreast of the latest security trends, threats and technologies and uses these to continuously improve the effectiveness of security controls
- guides the development and maintenance of incident response and disaster recovery plans
Requirements
- Application security / product security / DevSecOps experience (8+ years) working hands-on with engineering teams.
- Strong AppSec tooling experience: SAST, SCA, code scanning, GitHub / GitHub Advanced Security / SonarQube / Dependabot, and CI/CD integration.
- Ability to read code, assess real risk, and drive practical remediation.
- SSDLC / shift-left skills: threat modeling, security design reviews, vulnerability management.
- Strong application and API security fundamentals: authN/authZ, secrets, dependencies, injection, data protection.
- Experience with cloud-native delivery: containers, IaC, Git-based workflows, automation, and clear documentation.
Nice-to-have
Інформуватимемо про розвиток платформи й нові функції, щоб ваш пошук був ефективнішим та зручнішим