Director Of Product Security
Israel
Varonis
The world's only fully automated DSPM. Continuously discover and classify critical data, remove exposures, and stop threats in real-time with AI-powered automation.
At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe that the most practical approach is to protect data from the inside out. We’re building the industry’s first fully autonomous data security platform to help our customers dramatically reduce risk with minimal human effort.
At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
We are looking for a Director of Product Security to join our R&D organization and take full ownership of Varonis product security initiatives. In this key leadership role, you will spearhead the development and implementation of our comprehensive security strategy, encompassing both SaaS and on-premises solutions.
Responsibilities:
- Develop and lead the strategic vision to manage both internal and external risks associated with Varonis products and solutions.
- Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
- Drive secure development lifecycle and integration of security features into all phases of software design and development, including advising on proper software architecture security standards.
- Vulnerabilities management - Identify and facilitate remediation of application and cloud platform exposures and vulnerabilities, including implementation of relevant systems and tools for these purposes.
- Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
- Research new application security tools and technologies as requested and evaluate options that enhance security capabilities.
- Lead compliance gap analysis and implementation (such as SOC2, SOC3, FedRAMP)
- Work closely with R&D groups - Dev teams, Platform, DevSecOps and DevOps teams, to enhance application and platform security on all layers, including monitoring and enforcement.
- Conduct periodic pen testing against our SaaS Platform components.
- Extensive experience in managing security teams and leading other managers and architects - managerial experience of 5+ years
- Experience collaborating with cross-functional departments, including senior leadership and C-level executives.
- Extensive experience in security architecture, software development, and public cloud or SaaS platform security.
- Experience in Product security, Penetration testing and threat modeling.
- Vast Experience in public cloud services - IaaS, PaaS, SaaS across AWS, Azure and GCP.
- Experience in securing Cloud based environments and complex topologies.
- Working in large engineering organization (at least 100 engineers) responsible for a SaaS offering.
- Experience with TLS / Cryptography, Authentication technologies, IDP / SAML, WAF / Firewalls / Network security and Windows and Linux Security.
- Thorough understanding of cybersecurity frameworks, such as NIST CSF, CIS CSC, etc.
- Experience with implementing and maintaining cloud security tools and tech such as CSPM, EDRs, SIEM, SOC tools and more.
- Experience with web & application security, familiar with OWASP frameworks, solutions, and initiatives
- Experience with security solutions such as DB Firewalls, Vulnerability scanners, and RASP/DAST/SAST solutions.
- Experience in implementation of Secure Development LifeCycle
- Coordinate, participate and deliver threat modeling for given/new designs and architectures.
- Educate key stakeholders on program, risks, and importance of security in Varonis products & solutions.
- Work with the business to identify, capture, escalate, and close security vulnerabilities found in Varonis products.
- Leverage tools to deliver vulnerability information back to the development organization for remediation.
- Coordinate security risk assessments for new products & solutions through the risk assessment team
- Experience in Software development or Engineering leading roles.
- Relevant certifications such as OSCP, CISSP, CISM, CCSP – advantage
- Experience leading large security teams within a SaaS organization.
- Experience as a CISO
Perks/benefits: Flex hours