Team Leadership & Development: Mentoring and growing security engineers. This includes running 1:1s, career development planning, performance reviews, and building a culture of continuous learning around evolving threats and technologies.
Security Execution: Partnering with engineers on your team and the Sr. Director of Security and Integrity, you’ll define and prioritize the team's quarterly and annual security initiatives, aligning them with business objectives and frameworks like NIST CSF, CIS Controls, or SOC 2. Translating risk assessments into actionable engineering work.
Cross-Functional Collaboration: Partnering with Platform, SRE, Legal, IT, Compliance, and Product teams to embed security into the SDLC, incident response processes, and vendor management workflows.
Incident Response & Preparedness: You’ll help the team maintain the security incident response program: runbooks, tabletop exercises, on-call schedules, and timely response to alerts and events.
Product and Cloud Security: Drive product security practices and cloud security posture across our AWS infrastructure, ensuring secure architecture, configuration, and continuous monitoring of our production environments.
Vulnerability & Risk Management: Overseeing application security testing (SAST, DAST, SCA), penetration testing programs (including bug bounty), and ensuring vulnerabilities are triaged, prioritized, and remediated within SLA.
Corporate Security: Partnering with IT, you and the team will help ensure that corporate security protections, including spam, EDR, and device security, are mature and well executed.
Vendor & Third-Party Risk: Helping the team evaluate security vendors and overseeing third-party risk assessments.
Budget & Resource Planning: In coordination with the other department managers, managing the security budget and justifying tooling spend and headcount requests.
Requirements
5–7 years managing a team of security engineers or similarly technical ICs. Demonstrated experience with hiring pipelines, structured interview loops, performance calibration, performance, and career laddering.
Comfortable running daily standups and weekly 1:1s as core rituals, not afterthoughts.
Familiar with translating frameworks like NIST CSF or CIS Controls into quarterly OKRs and sprint-level work.
Hands-on experience building or maturing a security program at a mid-size or growth-stage organization.
Experience overseeing AppSec tooling (SAST, DAST, SCA, Container Scanning, Secrets) and programs like penetration testing or bug bounty.
A background working with or managing engineers who build and tune detections in a SIEM, manage alert pipelines, and reduce noise.
Experience running an AI-forward team of engineers. You’ll know how to find quick solutions to problems and you’ll help the team to similarly seek out speed and quality of execution via AI-related tooling.
A track record of working across engineering, SRE, platform, IT, and legal orgs.
You have deep familiarity with cloud security (AWS), application security (particularly web-native apps and authentication), endpoint security (EDR), email security (anti-spam/phishing), and device management.
You have defined and reported on security KPIs like MTTD, MTTR, vulnerability aging, and coverage metrics.
Demonstrated domain expertise in one or more core security domains and secondary specializations (e.g. infrastructure security, application security, corporate IT security, security operations).
Tech Stack
AWS
Cloud
SDLC
Benefits
Flexible work schedules and an unlimited time-off policy
Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus a fully paid health reimbursement arrangement to use for out-of-pocket expenses and fully paid short- and long-term disability
Fully paid basic and AD&D life insurance and a voluntary supplemental life insurance option
Dependent and health care flexible spending account options
Employee Assistance Program (EAP) benefits for employees
Automatic 2% Employer-paid 401K contribution, plus up to an additional 6% match on employee contributions
A minimum of three months paid medical, family and parental leave (for all new parents, adoptions included)
Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
Additional perks including quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times