Company Description
Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce & campaigns through its best-in-class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product & marketing professionals to accelerate innovation, lower the risk of new features, & drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely's impressive customer list includes eBay, FOX, IBM, The New York Times & many more global enterprises.
Job Description
Lead the security engineering team & the software security program at Optimizely. The security engineering team supports Optimizely's product development team to ensure that security is baked in throughout our infrastructure & software development lifecycle.
How you will make an impact:
- Hire & retain talent to grow the security engineering team
- Maximize the impact of our highly-leveraged security engineers across engineering
- Support Optimizely's product development organization by facilitating the software security program
- Build & maintain product security strategy, roadmap & metrics
- Security governance with software security metrics, security OKRs for engineering teams & quarterly security service delivery reviews
- Support security risk management
- Participate in the Security & Privacy steering committee; periodically update senior executive staff on product security initiatives
- Support Optimizely's compliance programs (PCI, ISO 27001, SOC 2) via the development, implementation & governance of common controls for our products & infrastructure
- Partner with the Privacy Director to support Optimizely's privacy engineering efforts
- Facilitate information security assessment & testing, including:
  - penetration testing
  - vulnerability scanning & mitigation
  - secure coding & testing practices
  - authentication, access, & authorization controls
- Build monitor/alert infrastructure for intrusion prevention
- Maintain a strong customer focus & translate customer needs into security, privacy & compliance features & public facing documents
- Answer customers' questions about security
- 10+ years of experience in the domains of information security & software engineering
- 5+ years of people management experience
- Knowledge & experience with Internet application & mobile app security practices & techniques, especially OWASP
- Knowledge & experience in maintaining operational computer & network security, applied cryptography, intrusion detection & prevention, identity & access management, application security, automated security patching, & vulnerability scanning systems
- Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, & reporting status
- Professional experience with information security in enterprise SaaS services strongly preferred
- Experience championing the adoption of security into the SDLC via process, CI/CD automation & formal security reviews of new products
- Experience working in an engineering culture that emphasizes DevOps & continuous delivery
- Experience with defining & implementing security in cloud environments (especially AWS or GCP)
- Ability to cooperatively & effectively work with people from all organizational levels
- Excellent written & verbal communication skills; proven security program & project management skills
- Bachelor's Degree in Computer Science or equivalent experience
At Optimizely, we embody inclusion & embrace diversity. We believe in work/life balance & bringing our true selves to work. To that end, we offer best-in-class perks & benefits that support our Optinauts along their career journey with us. Read more about our culture at optimizely.com/careers.
Optimizely is an equal opportunity employer & makes employment decisions on the basis of merit. Optimizely prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest & conviction records.