Head of Security Engineering - Duo Security
Duo Security, now a part of Cisco, is the leading provider of Zero Trust security and multi-factor authentication delivered through the cloud.
Duo’s mission is to make security simple for everyone. We were born from a hacker ethos and a dream to make the Internet a secure place. We believe in empowering people to follow their passions inside and outside of the office and enabling every employee to bring their whole self to work.
As the Head of Application Security at Duo, you will drive a portfolio of application security engineering work across multiple teams within the product development components of Duo’s organization. This role is ultimately responsible for developing the tools, practices, and resources to ship safe and secure software to market. The leader in this role undertakes major cross-team initiatives such as maturing our SSDLC, developing and extending our static analysis framework, supporting early-phase product development work with expert requirements analysis and security design support, and being our in-house champion for adversary emulation against our own product and service. This job requires plenty of business savvy to focus on emerging technical needs, transition requirements to internal stakeholders, contribute to the broader security community, and help drive and measure results for our product security enhancement efforts. You’ll partner closely with your peers in Product, Engineering, and SRE to help us coordinate major efforts to solve massive security challenges.
Essential capabilities include:
- Work with peers in other teams to enable rapid, safe delivery of software and services to our customers
- Develop novel static analysis tools and share them with the open source community
- Direct product security incident response activities
- Mature our SSDLC over time to meet the needs of the business
- Ownership of threat modeling for Duo’s products and services
- Direction of internal and external code audits
- Providing a team of world-class security engineers to partner with other technical delivery teams as domain experts in security topics
- Invest in solving challenging technical cloud security problems such as DoS detection and mitigation, secure operations enclaves, at-scale audit of our cloud infrastructure, etc.
- Support management of major cross-departmental programs