CLEAR transforms what is uniquely you – your fingerprints, your face, your eyes – into a secure, biometric key to frictionless experiences. We are creating a world where travel is effortless, where accessing your office building is as simple as walking in, and where shopping is as easy as walking in and out of a store - without ever once showing an ID or credit card. CLEAR currently powers secure, frictionless customer experiences in nearly 40 U.S. airports and venues. With over 2 million members so far, CLEAR is the identity platform of the future, today.
Our VP of Security Engineering will lead and manage a growing team taking our security engineering processes, technology, controls, and strategy to the next level. They are charged with building teams focused on creating a world-class and progressive Security Engineering practice and culture. They will lead top Cyber Security talent and provide innovative solutions with a fine balance between cost and risk. This role will constantly balance the need for high levels of security with low-friction product design. A successful candidate for this role will have the ability to make strong technical decisions
What You Will Do:
- Define technical standards, security tooling, and infrastructure to support key security programs: Product & Application Security, Infrastructure & Cloud Security, Vulnerability Management, Secure Development Lifecycle, Identity and Access Management, Threat Intelligence, Threat Hunting, Insider Threat, Incident Detection & Response Engineering, and Technical Risk Assessment.
- Define, champion, and execute the overall security engineering and application security strategy, road map and governance structure with buy-in from operational and business stakeholders. Work to build out robust and mature security engineering capabilities and measures of performance.
- Manage, coach, and maintain effective performance levels of all direct and indirect reports. Plan and track continued team growth and career development.
- Assess development and operations of AWS/cloud native and Kubernetes based environments to identify risks and gaps related to information security, including potential data breach risks. Define security guardrails and implement both detective and preventive controls for deviations.
- Build out embedded security services, business processes, and technologies to enable lightweight but high impact security value streams (e.g. Secure Design Reviews, Threat Modeling, Production Readiness testing, Security Control Verification, and many more).
- Aid in security incident response planning and participate in the investigation of security incidents. Work to automate the detection and response of new/recurring threat activity.
Who You Are:
- Minimum of 10 years in information security with 5 years focused in Security Engineering and/or Operations in a Cloud based environment.
- Minimum of 6 years of managing a technical security team.
- Experience with agile frameworks preferred.
- Strong experience with or knowledge of a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud) as well as protecting various cloud SaaS solutions.
- Strong working knowledge of building security engineering focused programs and teams.
- Demonstrates excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, operating systems hardening, web-proxy and security audits.
- Has managed a team of at least 10 and managed managers.
- Experience designing secure networks, systems and application architectures, including cloud security solutions.
- Ability to build strong relationships and work cross functionally with internal and external constituents.
- Strong time management, organization and prioritization skills; ability to complete multiple concurrent tasks within close deadlines with a high degree of accuracy and detail.
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
- Excellent communication and organizational skills along with the ability to deliver along strict (and often time sensitive) guidelines.
- Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO27001.
- Comprehension of RESTful APIs, HTTP, and web APIs.
- Experience with or knowledge of a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Strong experience with Platform as a Service providers.
- Some programming and scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
- Bachelor's degree or higher in Computer Science.