ZipRecruiter is looking for an experienced Director of Security to join our Security team. This role will provide the direction and operational management of information and application security at ZipRecruiter.
The Director of Security will ensure the privacy and protection of our company and customer data and will have a deep understanding of risk management. They will lead security design and review and manage our overall security obligations. This hands-on role will collaborate with the ZipRecruiter engineering team to identify and remediate security vulnerabilities, provide security guidance and best practices, and be an advocate for an overall culture of security.
In addition, a great candidate will have excellent people skills. Kind, respectful interaction with both internal and external parties is an integral part of our culture. This position also requires clear and concise writing skills to keep everyone aligned via different channels. We are seeking a candidate with all of these skills who will also be sensitive and welcoming to a wide diversity of cultural and technical backgrounds that we encounter in our global business.
What you'll be doing:
- Guide, support, and partner with Engineering, Product, and Legal on security obligations.
- Propose and implement production security improvements (e.g. WAF, IDS/IPS, XSS testing, incident response process).
- Review and advise on refinement of production security systems.
- Coordinate, participate in, and communicate the results of security scans (third party or in-house scans).
- Lead, manage, and participate in incident response.
- Assess our environments for any new or existing vulnerabilities and lead remediation, prevention, and monitoring efforts.
- Triage and prioritize issues reported through our bug bounty program.
- Patch/update management (responding to and mitigating industry-wide exploits).
- Focus on data security, ensuring access is restricted where appropriate.
- Review and update security policies and drive policy creation where needed.
- Own and drive individual contributions on security projects and prepare presentations as needed.
- Collaborate with Legal and Compliance to establish company obligations and identify any needed changes in procedures.
- Create and implement monitoring and alerting procedures.
- Assess potential vendors and evaluate the effectiveness of their security and the risk level of engaging with them.
- Respond to vendor security questionnaires and demonstrate the company's ability to be a secure partner.
- Maintain latest knowledge on threats, trends, best practices, and technology for security and compliance.
- Promote a security-conscious culture while encouraging automation and other developer-friendly approaches.
What we're looking for:
- Demonstrable experience of 5+ years in the management and implementation of various security teams or programs.
- Experience and strong comfort working with cross-functional teams.
- Demonstrable experience measuring security effectiveness.
- Experience in conducting vendor risk assessments.
- Strong software engineering skills.
- Strong knowledge of web development security best practices.
- Experience with security products (e.g. WAF, IDS/IPS).
- Extensive knowledge of SSH and security in a Linux environment.
- Experience with AWS security (e.g. security groups, IAM, VPC).
- Ethical hacker certification or related experience.
- Data forensics experience for incident investigations is desired, but not required.
- Experience with security and attestation frameworks.
- Strong subject matter experience in security (IT security, cyber security, and exposure to compliance areas like PCI).
- Ability to effectively communicate policies and related content to technical and non-technical stakeholders across the company.
- Ability to advise and influence various cross-team stakeholders and upper management with regard to security best practice and risk analysis.
- Able to deliver high-level results with minimal direction.
Benefits & Perks:
- A fun environment where work-life balance is valued
- Opportunities for advancement as our young startup grows
- Very competitive salary
- Generous bonus plan
- Employer-matched 401(k) plan
- Competitive benefits package
- Healthy snacks
- Local gym discount
- Attractive paid time off policy - Open/Flexible vacation policy
ZipRecruiter is an equal opportunity employer (M/F/D/V). All applicants must be authorized to work in the U.S. This organization uses E-Verify.