Key skills
AISaaSLeadershipOWASP
About this role
Vanta is a company dedicated to helping businesses earn and prove trust through continuous security monitoring and verification. They are seeking a Senior Manager of Security to lead their Security Engineering team, focusing on defining application security strategies and implementing robust security protocols.
Responsibilities:
- Lead and grow a team of the best security engineers in the world, with a view of security that is engineering-driven, human-centric, and trust-based
- Help define the strategy for Vanta’s application security program, and empower the team to implement robust security protocols and stay ahead of emerging threats
- Leverage AI to improve efficiency of team processes, and improve the maturity of the overall security program
- Work with the Engineering and Product Development team to assess and communicate acceptable levels of risk, mitigate that risk, and help ensure that Vanta products are developed with security in mind
- Provide, both individually and through your team, expert feedback to Vanta’s Product, Engineering, and Design teams on our product offerings and serve as a strong customer voice in product development
- Represent Vanta’s products, vision, and voice as a trusted security thought leader in public security forums
Requirements:
- Strong leadership experience in engineering-driven security and an ability to lead a technical team from a foundation of transparency and trust
- Inherent alignment with our trust-based, human-centric security culture and our Security Engineering and Security Operations Team Principles – both internal to Vanta and externally – that is not based on using tactics of fear, uncertainty, or doubt as levers for action
- Strong application security experience, with emphasis on implementing security controls in a SaaS environment
- Familiarity with relevant industry regulations and standards (e.g., GDPR, ISO 27001, NIST 800-53) and experience ensuring compliance
- Experience with leveraging AI to improve security processes
- Understanding of a wide range of security technologies and an ability to stay updated on latest cybersecurity threats and trends
- Deep understanding of / ability to guide and communicate technical direction for internal application security programs, including familiarity with common vulnerabilities like OWASP Top 10, and security tooling such as SAST, DAST, and other application security testing technologies
- Ability to assess and analyze security risks comprehensively, considering both business impact and technical impact
- Ability to prioritize risk remediation with consideration to business goals and objectives
- Ability to build trust and strong partnerships internally with Product, Engineering, and other teams toward security goals
- Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact