Director, Security Engineering
- San Francisco, CA, USA
- Department: Engineering
Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce and campaigns through its best in class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product and marketing professionals to accelerate innovation, lower the risk of new features, and drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely’s impressive customer list includes eBay, FOX, IBM, The New York Times and many more global enterprises.
Lead the security engineering team and the software security program at Optimizely. The security engineering team supports Optimizely’s product development team to ensure that security is baked in throughout our infrastructure and software development lifecycle.
How you will make an impact
Hire and retain talent to grow the security engineering team
Maximize the impact of our highly-leveraged security engineers across engineering
Support Optimizely’s product development organization by facilitating the software security program
Build and maintain product security strategy, roadmap and metrics
Security governance with software security metrics, security OKRs for engineering teams and quarterly security service delivery reviews
Support security risk management
Participate in the Security and Privacy steering committee; periodically update senior executive staff on product security initiatives
Support Optimizely’s compliance programs - PCI, ISO 27001, SOC 2 via the development, implementation and governance of common controls for our products and infrastructure
Partner with the Privacy Director to support Optimizely’s privacy engineering efforts
Facilitate information security assessment and testing, including:
vulnerability scanning and mitigation,
secure coding and testing practices
authentication, access, and authorization controls
Build monitor/alert infrastructure for intrusion prevention
Maintain a strong customer focus and translate customer needs into security, privacy and compliance features and public facing documents
Answer customers’ questions about security
10+ years of experience in the domains of information security and software engineering
5+ years of people management experience
Knowledge and experience with Internet application and mobile app security practices and techniques, especially OWASP
Knowledge and experience in maintaining operational computer and network security, applied cryptography, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
Experience administering information security programs including risk assessments, designing security architectures, developing policies, gathering metrics, and reporting status
Professional experience with information security in enterprise SaaS services strongly preferred
Experience championing the adoption of security into the SDLC via process, CI/CD automation and formal security reviews of new products.
Experience working in an engineering culture that emphasizes DevOps, and continuous delivery.
Experience with defining and implementing security in cloud environments (especially AWS or GCP)
Ability to cooperatively and effectively work with people from all organizational levels
Excellent written and verbal communication skills; proven security program and project management skills
Bachelor’s Degree in Computer Science or a related field
At Optimizely, we embody inclusion and embrace diversity. We believe in work/life balance and bringing our true selves to work. To that end, we offer best-in-class perks and benefits that support our Optinauts along their career journey with us. Read more about our culture at optimizely.com/careers.
Optimizely is an equal opportunity employer and makes employment decisions on the basis of merit. Optimizely prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.