Director, Proactive Security
US-GA-Remote, United States
Fullsteam
It's fun to work in a company where people truly BELIEVE in what they're doing!
Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish by providing their customers with seamless experiences. With a dynamic and growing team of 1,700 employees, we are committed to driving innovation and delivering best-in-class software and payment solutions that empower small and medium-sized businesses across numerous industries. Our purpose is to help our customers grow their businesses and delight their customers. Join us and be a part of a forward-thinking company that values growth, excellence, and the success of our clients.
Fullsteam is seeking a Director of Proactive Security to build and operate attack surface identification, vulnerability management, penetration testing, and secure software development programs spanning a large portfolio of technology companies.
Since its founding in 2018, Fullsteam has rapidly grown by acquisition and consists of dozens of technology companies across multiple industries. Fullsteam is building and expanding security services across all acquired companies.
Primary Responsibilities:
- Build proactive security capabilities and gain adoption across Fullsteam Business Units. Capabilities include: attack surface identification and monitoring, external and internal vulnerability scanning, infrastructure and application penetration tests, software security architecture, and red team engagements.
- Build and lead a globally distributed team of technical security professionals and specialized vendor engagements.
- Define the software security strategy for Fullsteam Business Units.
- Build and execute a repeatable and measured Software Security Program to achieve risk management outcomes.
- Implement scalable enterprise software security services, including: secure architecture and software development training, secure architecture standards, secure code review standards, static code analysis processes, software composition analysis and third-party library management, dynamic analysis, web application firewall review and management, and application and network penetration testing.
- Lead and mentor offensive security engagements with Fullsteam Business Units, such as infrastructure and application penetration tests and red team exercises.
- Manage external security testing vendors, including SAST, DAST, and penetration testing.
- Participate in M&A due diligence assessments and integrations.
- Coordinate assessment, testing, and risk management needs with stakeholders in Fullsteam Corporate and within Fullsteam Business Units.
- Contribute to risk management and governance functions (e.g. manage the risk register, gather key metrics).
- Participate in other activities as needed: incident response consultation, red/blue team collaboration.
Primary Qualifications:
- Experience building and leading proactive or offensive security teams.
- Track record of designing, implementing and operating secure software development controls across multiple development teams.
- Experience performing penetration tests of web applications, APIs, and/or networks.
- Experience testing and securing public cloud architectures.
- OSCP or OSWE-equivalent certification preferred.
- Bachelor’s degree in Information Security, Compliance, or a related field.
- 5+ years of experience in information security, risk management, and/or compliance roles.
Fullsteam supports an inclusive workplace that values diversity of thought, experience, and background. Fullsteam is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state, or local law.