Director, Security Engineering
Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce and campaigns through its best in class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product and marketing professionals to accelerate innovation, lower the risk of new features, and drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely’s impressive customer list includes eBay, FOX, IBM, The New York Times and many more global enterprises.
Job Description
Lead the security engineering team and the software security program at Optimizely. The security engineering team supports Optimizely’s product development team to ensure that security is baked in throughout our infrastructure and software development lifecycle.
How you will make an impact:
- Hire and retain talent to grow the security engineering team
- Maximize the impact of our highly-leveraged security engineers across engineering
- Support Optimizely’s product development organization by facilitating the software security program
- Build and maintain product security strategy, roadmap and metrics
- Security governance with software security metrics, security OKRs for engineering teams and quarterly security service delivery reviews
- Support security risk management
- Participate in the Security and Privacy steering committee; periodically update senior executive staff on product security initiatives
- Support Optimizely’s compliance programs (PCI, ISO 27001, SOC 2) via the development, implementation and governance of common controls for our products and infrastructure
- Partner with the Privacy Director to support Optimizely’s privacy engineering efforts
- Facilitate information security assessment and testing, including:
  - penetration testing
  - vulnerability scanning and mitigation
  - secure coding and testing practices
  - authentication, access, and authorization controls
- Build monitor/alert infrastructure for intrusion prevention
- Maintain a strong customer focus and translate customer needs into security, privacy and compliance features and public facing documents
- Answer customers’ questions about security
- 10+ years of experience in the domains of information security and software engineering
- 5+ years of people management experience
- Knowledge and experience with Internet application and mobile app security practices and techniques, especially OWASP
- Knowledge and experience in maintaining operational computer and network security, applied cryptography, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
- Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, and reporting status
- Professional experience with information security in enterprise SaaS services strongly preferred
- Experience championing the adoption of security into the SDLC via process, CI/CD automation and formal security reviews of new products
- Experience working in an engineering culture that emphasizes DevOps and continuous delivery
- Experience with defining and implementing security in cloud environments (especially AWS or GCP)
- Ability to cooperatively and effectively work with people from all organizational levels
- Excellent written and verbal communication skills; proven security program and project management skills
- Bachelor’s Degree in Computer Science or equivalent experience
At Optimizely, we embody inclusion and embrace diversity. We believe in work/life balance and bringing our true selves to work. To that end, we offer best-in-class perks and benefits that support our Optinauts along their career journey with us. Read more about our culture at optimizely.com/careers.
Optimizely is an equal opportunity employer and makes employment decisions on the basis of merit. Optimizely prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.