Product Security Lead at Veho

Posted on: 06/17/2022

Location: (REMOTE)

Tags: bootstrap

**About The Role**

Veho’s Chief Information Security Office is looking for an experienced professional to manage and execute efforts to strengthen a foundation of security across Veho’s products, including 3rd party products and their integrations. The role will serve as an expert advisor to the engineering and IT teams. The candidate will contribute to the definition, development, implementation, and maintenance of our product security framework, ensuring that best practice initiatives are achieved for system and data integrity, availability, accountability, and assurance.

The position will both oversee and execute all aspects of product security functions, including architecture, threat modeling, application security, code reviews and assessments. The role will drive efforts to deepen security engagement early in the software development lifecycle, reducing rework and improving speed to delivery. The role will partner and collaborate with Product and Engineering leadership to establish and evolve processes, controls, and the product security program.

**Responsibilities Include**

- Review engineering design and architecture, vulnerabilities, code and other findings for products deployed.
- Identify common security design patterns and influence the adoption of scalable and automated secure platforms and solutions.
- Identify opportunities for improvements to security tooling and automation.
- Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences.
- Improve security tooling to facilitate a highly automated and scalable SecDevOps model.
- Mentor product engineering teams on how to approach security in their day-to-day work.
- Establish, augment and automate Veho’s security scanning and testing capabilities, bootstrap efforts and execute fixes in alignment with Veho’s vulnerability management policy, and ensure findings are triaged and remediated by engineering or other peer teams.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
- Partner with application engineering, core services and infrastructure engineering, site reliability engineering and other applicable teams to embed security scoring into overall production readiness scoring, using industry best practices such as BSIMM or similar.
- Contribute to security compliance efforts such as ISO27001 / SOC2 certification and privacy and data security law compliance by providing the necessary capabilities and artifacts.

**Skills & Qualifications**

- BS, BE, BTech or MS in Computer Science, Cybersecurity, Information Technology or other related fields. Equivalent years of experience without a degree are considered.
- 10+ years of relevant education and/or work experience