Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Product Security Manager
Company Zendesk
Location San Francisco, CA or Remote
Preferred GIAC Certifications GWEB GSSP-JAVA GCSA
Travel 0%
Salary Not provided
URL https://jobs.zendesk.com/us/en/job/R12588/Product-Security-Manager
Contact Name Maarten Van Horenbeeck
Contact Email mvanhorenbeeck/at/zendesk.com
Expires 2020-11-22

Job Description

Zendesk is looking for a Product Security Manager. We are looking for someone passionate about application security that enjoys working with an entire platform of products. This individual will help build and nurture teams and empower others to support continued growth in their careers. Ideal candidates will have experience designing creative approaches to scale security through automation and communication. If this sounds like you, join us on Zendesk’s Global Product Security Team!

At Zendesk, we believe that security is everyone’s responsibility and that security decisions should be simple. When our customers or employees face options, we strive to make the secure option the easiest way of achieving their goals.

On the Zendesk Product Security Team, we develop and build processes that allow Zendesk Engineering to make secure decisions for our customers. We partner with our engineers to prioritize security during the entire software development life cycle and provide them tools and programs to do so including a mature bug bounty program, Security Champions program, security reviews, static/dynamic testing tooling and vulnerability management.

What you’ll do as a Product Security Manager
- Grow our team in Americas region
- Enable our team members to identify and attain their career objectives at Zendesk
- Partner with Engineering Managers and Product Managers to drive improved security controls across the product portfolio
- Ensure our Security Engagement program is run optimally on a global scale
- Support the growth of our Red Team activities to support our global development teams
- Practice effective communication across our globally distributed team
- Raise or resolve issues that arise
- Empower Engineering teams to own their security risk by using ProdSec’s tools, processes and metrics
- Evaluate, implement and operationalize additional tooling as needed
- Work in a team-oriented, fast-paced, flexible environment

What you bring to the role:
- At least 5 years of application security experience
- Experience mentoring junior team members and peers
- Experience with inspiring change across organizations
- The ability to influence
- Experience with agile development processes, working in a fast-paced environment with continuous integration and continuous deployment.
- Experience with Static Analysis (SAST) and Software Composition Analysis (SCA) / Dependency Management tools
- Knowledge of modern web application technologies including their security threats and vulnerabilities
- Experience reproducing web application vulnerabilities and documenting with clear, minimized reproduction steps
- Excellent problem solving skills
- Great verbal and written communication skills
- Ability to work on multiple projects/tasks at once - balancing and prioritizing work appropriately
- Bachelor's degree in Computer Science or other relevant focus of study
- Security certifications such as OSCP, GWEB, GPEN, GWAPT, CISSP, GSEC, etc. is a plus.