Security Engineering Director
Engineering | Austin, TX or Foster City, CA | Full Time
Arena is looking for a hands-on application security expert to join as a core member of the engineering team. In this role, you will drive the best practice of overall SaaS application security. You will collaborate with other teams including Product Management, Engineering, Compliance and Operations to lead design and execution of security initiatives. You will serve as an overall security technology expert and ensure that security is an integral part of the design and implementation of our product/technology roadmaps.
This position will report to the EVP, Engineering. This position can be located in either our Austin, TX or Foster City, CA office.
- Take a leadership role in the evolution of Arena’s security practices, policies and procedures as you work with teams across the organization to assess and communicate risks, plan and implement application and infrastructure improvements, and automate verification of completed work.
- Act as a customer-facing representative for the security team and collaborate with the Sales and Customer Support teams to answer security questions from customers or partners.
- Mentor the technology organization on secure coding methodologies, data security policies and general information security awareness.
- Stay current on security standard and best practices inside and outside of the enterprise SaaS industry, and draw on public research, reports, and analysis to drive improvements to the overall security story at Arena.
- Research emerging external security threats to Arena application availability and confidentiality. Evaluate new and emerging security products and technologies. Develop proofs-of-concept and provide guidance and recommendations how to leverage them.
- Coordinate and execute third-party penetration tests and security incident handling. Plan mitigating, corrective, and preventative actions.
- Bachelor of Science degree in Computer Science, Engineering or equivalent
- Five or more years working in an information security role
- Broad knowledge of security standard and best practices
- Deep understanding of the SaaS domain from security perspective
- Experience with SaaS development, deployment, and security models
- Experience cultivating and driving a culture of security awareness
- Experience with a broad range of security technologies, including Firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti-malware, and vulnerability management
- Strong verbal and written communication skills, ability to lead and influence cross-functional teams