Director Of Product Security

Summary Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations become stricter, organizations struggle to answer one key question: “Is my data safe?”

At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe that the most practical approach is to protect data from the inside out. We’ve building the industry’s first fully autonomous data security platform to help our customers dramatically reduce risk with minimal human effort.

At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.  We are looking for a Director of Product Security to join our R&D organization and take full ownership of Varonis product security initiatives. In this key leadership role, you will spearhead the development and implementation of our comprehensive security strategy, encompassing both SaaS and on-premises solutions.      Responsibilities: 

• Develop and lead the strategic vision to manage both internal and external risks associated with Varonis products and solutions. 
• Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices. 
• Drive secure development lifecycle and integration of security features into all phases of software design and development, including advising on proper software architecture security standards. 
• Vulnerabilities management - Identify and facilitate remediation of application and cloud platform exposures and vulnerabilities, including implementation of relevant systems and tools for these purposes. 
• Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations 
• Research new application security tools and technologies as requested and evaluate options that enhance security capabilities. 
• Lead compliance gap analysis and implementation (such as SOC2, SOC3, FedRAMP) 
• Work closely with R&D groups - Dev teams, Platform, DevSecOps and DevOps teams, to enhance application and platform security on all layers, including monitoring and enforcement.  
• Conduct periodic pen testing against our Saas Platform components.  

  Job Requirements: 

• • Extensive experience in managing security teams and leading other managers and architects - managerial experience of 5+ years 
  • Experience collaborating with cross-functional departments, including senior leadership and C-level executives. 
  • Extensive experience in security architecture, software development, and public cloud or SaaS platform security. 
  • Experience in Product security, Penetration testing and threat modeling. 
  • Vast Experience in public cloud services - IaaS, PaaS, SaaS across AWS, Azure and GCP. 
  • Experience in securing Cloud based environments and complex topologies.  
  • Working in large engineering organization (at least 100 engineers) responsible for a SaaS offering. 
  • Experience with TLS \ Cryptography, Authentication technologies, IDP / SAML, WAF / Firewalls / Network security and Windows and Linux Security. 
  • Thorough understanding of cybersecurity frameworks, such as NIST CSF, CIS CSC, etc. 
  • Experience with implementing and maintaining cloud security tools and tech such as CSPM, EDRs, SIEM, SOC tools and more. 
  • Experience with web & application security, familiar with OWASP frameworks, solutions, and initiatives 
  • Experience with security solutions such as DB Firewalls, Vulnerability scanners, and RASP/DAST/SAST solutions. 
  • Experience in implementation of Secure Development LifeCycle 
  • Coordinate, participate and deliver threat modeling for given\new designs and architectures. 
  • Educate key stakeholders on program, risks, and importance of security in Varonis products & solutions. 
  • Work with the business to identify, capture, escalate, and close security vulnerabilities found in Varonis products. 
  • Leverage tools to deliver vulnerability information back to the development organization for remediation. 
  • Coordinate security risk assessments for new products & solutions through the risk assessment team 

 Advantages: 

• Experience in Software development or Engineering leading roles.
• Relevant certifications such as OSCP, CISSP, CISM, CCSP – advantage
• Experience leading large security teams within a SaaS organization. 
• Experience as a CISO

We invite you to check out our Instagram Page to gain further insight into the Varonis culture! @VaronisLife   Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.  #LI-Hybrid