Director of Application Security
We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solving some of the most complex global business and security challenges faced today.
We're looking for an experienced security leader to drive a portfolio of application security engineering work across multiple teams within the product development components of Duo’s organization. This role is ultimately responsible for developing the tools, practices, and resources to ship safe and secure software to market. The leader in this role undertakes major cross-team initiatives such as formalizing and maturing our SSDLC, developing and extending our static analysis framework, supporting early-phase product development work with expert requirements analysis and security design support, and being our in-house champion for adversary emulation against our own product and service. This job requires plenty of business savvy to focus on emerging technical needs, transition requirements to internal stakeholders, contribute to the broader security community, and help drive and measure the results of our product security enhancement efforts. You’ll partner closely with your peers in Product, Engineering, and Technical Operations to help us coordinate major efforts to solve massive security challenges.
What you’ll do…
- Work with peers in other teams to enable rapid, safe delivery of software and services to our customers
- Develop novel static analysis tools and share them with the open source community
- Direct product security incident response activities
- Develop a bug bounty program
- Formalize our SSDLC and mature it over time to meet the needs of the business
- Own threat modeling for Duo’s products and services
- Direct internal and external code audits
- Provide a team of world-class security engineers to partner with other technical delivery teams as domain experts in security topics
- Invest in solving challenging technical cloud security problems such as DoS detection and mitigation, secure operations enclaves, at-scale audit of our cloud infrastructure, etc.
- Support management of major cross-departmental programs
- 5+ years of experience managing a technical security organization (security engineering, security test/evaluation, or security research preferred)
- BS or advanced degree in Computer Science or a related technical discipline
- Proven track record of delivery related to product and application security matters
- Ability to operate effectively in situations with high degrees of uncertainty
- Experience supporting large software engineering organizations with security design and security requirements analysis practices
- Experience managing product security incidents and managing vulnerability discovery/remediation efforts
- Expert-level understanding of foundational security problems, technology, and market landscape
- Experience collaborating successfully with product and engineering groups
- You’re flexible, learn quickly, and can take on any kind of challenge
- You’re comfortable navigating a rapidly growing organization to get the right people involved and the right things done
- You love to win as a team
- You take initiative
- You develop great relationships with people
Does this sound like it was written for you? Excellent! Please apply and let’s explore this together.