We are Open Raven, a cloud and data security startup with product-company DNA, founded in 2019 by two security industry veterans who have previously had companies acquired and taken companies public. We are backed by Kleiner Perkins, staffed by seasoned product managers and engineers, and we’re seeking like-minded people to join our growing team.
Reporting to the CISO, this role is a crucial member of the Information Security Team and will have a direct impact on the security of our product and data. This person will be responsible for the overall security of the platform, including how we design, code, build, deploy, operate, and maintain it. They will be experienced in implementing and driving secure development practices as well as operational security processes for a modern cloud-based service platform.
- Maintain and mature a secure software development life cycle with impactful measures that focus on identifying and addressing issues early in the development cycle.
- Perform assessment of code, libraries, components, and platform security through automated and manual methods from SAST to DAST, and triage findings to assess validity, impact, and appropriate mitigation measures.
- Maintain tooling and automation to facilitate continuous assessment, including reporting and response to identified issues.
- Perform product design and architecture reviews to identify risks and potential issues, and to determine adherence to good practices.
- Maintain security metrics and reports that convey the security health of the product.
- Engage with developers and operations teams to consult with, help educate, and evangelize practical and achievable security good practices.
- Implement and maintain product security measures and practices that will meet business objectives for compliance and audits, including SOC2.
- Work with third-party consultants during security assessments and engage with security researchers that provide reports of potential issues.
Candidates will have spent time building, maintaining, and operating an SSDLC program based upon good practices and documented standards for the various components. They will be versed in design, application, and operational security concerns in AWS, Kubernetes, and Java environments. They will be skilled in the art of cooperatively engaging with developers to achieve positive outcomes that balance managing risk with velocity and stability.
- Solid understanding of SSDLC principles and practices, and how they are applied in Agile environments.
- Strong understanding of modern cloud-based application architectures and tooling, including micro-services, e.g. Kubernetes.
- Strong knowledge of CI/CD deployment models, systems, processes, and automation.
- Solid understanding of threat vectors for cloud and micro-service-based applications.
- Thorough understanding of common application security vulnerabilities including how to identify and remediate them.
- Experience running and tuning SAST, SCA, DAST tools and triaging results.
- Ability to read and understand Java, Python, and other languages.
- Familiarity with libraries and frameworks such as React, Netty, and Node.js.
Compensation / Benefits
- Startup culture with a product company DNA.
- 100% remote / distributed team. In normal times we meet as a team in Los Angeles once a month and you must be able to travel for up to four days a month.
- High performing, fast paced product team.
- No drama, a “be a nice and good human” culture.
- A team where results and doing, not talk and thinking, are valued.
- Competitive salary.
- Early stage stock options.
- Excellent health insurance and benefits; 100% coverage for employees.
- Flexible work schedules and vacation.
- Top of the line equipment.
We are an equal opportunities employer committed to diversity.
All applicants must be US Citizens or US Green Card holders.
We do not want, need, or accept candidates / applicants from recruitment consultants.