Vice President of Security Engineering at CLEAR
CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the second year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 5+ million members to help create a safer environment no matter where you go.
Our VP of Security Engineering will lead and manage a growing team taking our security engineering processes, technology, controls, and strategy to the next level. Charged with building teams focused on creating a world class and progressive Security Engineering practice and culture. They will lead top Cyber Security talent and provide innovative solutions with a fine balance between cost and risk. This role will constantly balance the need for high levels of security with low friction product design. A successful candidate for this role will have the ability to make strong technical decisions
What You Will Do:
- Define technical standards, security tooling, and infrastructure to support key security programs: Product & Application Security, Infrastructure & Cloud Security, Vulnerability Management, Secure Development Lifecycle, Identity and Access Management, Threat Intelligence, Threat Hunting, Insider Threat, and Incident Detection & Response Engineering and Technical Risk Assessment.
- Define, champion, and execute the overall security engineering and application security strategy, road map and governance structure with buy-in from operational and business stakeholders. Work to build out robust and mature security engineering capabilities and measures of performance.
- Manage, coach, and maintain effective performance levels of all direct and indirect reports. Plan and track continued team growth and career development.
- Assess development and operations of AWS/cloud native and Kubernetes based environments to identify risks and gaps related to information security, including potential data breach risks. Define security guardrails and implement both detective and preventive controls for deviations.
- Build out embedded security services, business processes, and technologies to enable lightweight but high impact security value streams (e.g. Secure Design Reviews, Threat Modeling, Production Readiness testing, Security Control Verification, and many more).
- Aid in security incident response planning and participate in the investigation of security incidents. Work to automate the detection and response of new/recurring threat activity.
Who You Are:
- Minimum of 10 years in information security with 5 years focused in Security Engineering and/or Operations in a Cloud based environment.
- Minimum of 6 years of managing a technical security team.
- Experience with agile frameworks preferred.
- Strong Experience or knowledge with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud) as well as protecting various cloud SaaS solutions.
- Strong working knowledge of building security security engineering focus programs and teams.
- Demonstrates excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, operating systems hardening, web-proxy and security audits.
- Has managed a team of at least 10 and managed managers.
- Experience designing secure networks, systems and application architectures, including cloud security solutions.
- Ability to build strong relationships and work cross functionally with internal and external constituents.
- Strong time management, organization and prioritization skills; ability to complete multiple concurrent tasks within close deadlines with a high degree of accuracy and detail.
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
- Excellent communication and organizational skills along with the ability to deliver along strict (and often time sensitive) guidelines.
- Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO27001.
- Comprehension of RESTful APIs, HTTP, and web APIs.
- Experience or knowledge with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Strong experience with Platform as a Service providers.
- Some programming and scripting experience in C#, C++. Java, Python, BASH, Go, or something similar.
- Bachelor's degree or higher in Computer Science.