Shutterstock is seeking a Senior Level Security Professional to lead the Product & Application Security team. This individual will report to the Chief Information Security Officer & be responsible for validating that our services, applications & websites are designed & implemented to the highest security standards to protect our company & our customers. This role requires strong partnership with Shutterstock's Product, Engineering/DevOps, QA & Infrastructure teams to educate, inform & enforce security throughout the product & application lifecycle.
Responsibilities of this role include, but are not limited to, the following activities:
- Review & advise on the security design of new products & applications
- Identify gaps in existing security architecture & recommend improvements
- Identify & monitor appropriate security check points in the systems development life cycle.
- Implement application security activities as part of the CI/CD pipeline
- Perform code review, penetration testing & vulnerability research
- Analyze the security of native sites, mobile sites/apps, APIs & desktop; where issues are discovered, work cross-functionally to prioritize resolution/mitigation
- Point out common areas in web & mobile applications where developers need to be particularly conscious of security risks; provide guidance on how to address each risk on common web stacks
- Implement & manage/monitor Layer 3, 4 & 7 DDoS protection & management; Layer 7 WAF management, bot mitigation & fraud prevention
- Oversee the bug bounty program for Shutterstock
- Ensure customer-facing security remains up-to-date & intact: encryption (at rest, in transit), identity registration/login/password resets, & customer data flows & storage
- Serve as a technical reference for developers & engineers
- Understand emerging threats facing Shutterstock
Skills & Experience:
- 7-10+ years of experience within information security & information technology
- An understanding of web services, mobile applications, applied cryptography, & penetration testing
- An understanding of network & web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Proficient in standard security assessment & testing tools (code & application scanners)
- Knowledge of common application security issues & remediation techniques (e.g. SQL injection, Cross Site Scripting, cookie replay, credential theft, dictionary attacks, session hijacking, etc.)
- Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.).
- Experienced in working with cloud infrastructures, AWS preferred: Software as a Service (SaaS), Platform as a Service (PaaS), & Infrastructure as a Service (IaaS) technologies
- Leadership qualities with a proven track record of building a collaborative, motivated team environment.
- Proven ability to develop effective partnerships with senior management & peer organizations. Must be able to explain technical concepts & problems to nontechnical senior executives effectively.
- Strong written & verbal communication skills. Strong interpersonal skills, resourceful, responsive with strong follow through.
- This role will manage people
Shutterstock (NYSE: SSTK), directly & through its group subsidiaries, is a leading global provider of high-quality licensed photographs, vectors, illustrations, videos and music to businesses, marketing agencies & media organizations around the world. Working with its growing community of contributors, Shutterstock adds hundreds of thousands of images each week & has millions of images & video clips available.
Headquartered in New York City, Shutterstock has offices around the world & customers in more than 150 countries. The company also owns Bigstock, a value-oriented stock media agency; Shutterstock Custom, a custom content creation platform; Offset, a high-end image collection; PremiumBeat, a curated royalty-free music library; and Rex Features, a premier source of editorial images for the world's media.
For more information, please visit www.shutterstock.com & follow Shutterstock on Twitter, Facebook and Instagram.
Equal Opportunity Employer, M/F/D/V