Company Description
Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce & campaigns through its best in class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product & marketing professionals to accelerate innovation, lower the risk of new features, & drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely's impressive customer list includes eBay, FOX, IBM, The New York Times & many more global enterprises.
Job Description
Lead the security engineering team & the software security program at Optimizely. The security engineering team supports Optimizely's product development team to ensure that security is baked in throughout our infrastructure & software development lifecycle.
How you will make an impact
Hire & retain talent to grow the security engineering team
Maximize the impact of our highly-leveraged security engineers across engineering
Support Optimizely's product development organization by facilitating the software security program
Build & maintain product security strategy, roadmap & metrics
Support security risk management
Participate in the Security & Privacy steering committee; periodically update senior executive staff on product security initiatives
Support Optimizely's compliance programs - PCI, ISO 27001, SOC 2 via the development, implementation & governance of common controls for our products & infrastructure
Partner with the Privacy Director to support Optimizely's privacy engineering efforts
Facilitate information security assessment & testing, including:
vulnerability scanning & mitigation
secure coding & testing practices
authentication, access, & authorization controls
Build monitor/alert infrastructure for intrusion prevention
Maintain a strong customer focus & translate customer needs into security, privacy & compliance features & public facing documents
Answer customers' questions about security
10+ years of experience in the domains of information security & software engineering
5+ years of people management experience
Knowledge & experience with Internet application & mobile app security practices & techniques, especially OWASP
Knowledge & experience in maintaining operational computer & network security, applied cryptography, intrusion detection & prevention, identity & access management, application security, automated security patching, & vulnerability scanning systems
Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, & reporting status
Professional experience with information security in enterprise SaaS services strongly preferred
Experience championing the adoption of security into the SDLC via process, CI/CD automation & formal security reviews of new products.
Experience working in an engineering culture that emphasizes DevOps, & continuous delivery.
Experience with defining & implementing security in cloud environments (especially AWS or GCP)
Ability to cooperatively & effectively work with people from all organizational levels
Excellent written & verbal communication skills; proven security program & project management skills
Bachelor's Degree in Computer Science or equivalent experience
All your information will be kept confidential according to EEO guidelines.