Better. Sooner. Together.
Director of Security
Location
United States
Posted
14 hours ago
Salary
$190K - $240K / year
Seniority
Lead
Job Description
Director of Security
OneStudyTeam
• Lead and manage the GRC and Security Engineering teams, including strategy, objectives, staffing, coaching, and performance management. • Own governance, risk, and compliance programs. Maintain ISO 27001 and related controls. Drive audit readiness for HIPAA and other frameworks. Coordinate policy lifecycle management and control testing. • Run vendor assessment and qualification program. Oversee third party risk management, due diligence, contractual security requirements, and continuous monitoring. • Provide AI related security assessments and guidance. Establish acceptable use guardrails for AI, assess model and data risks, and advise on controls for AI enabled solutions. • Oversee security architecture for cloud environments and enterprise platforms. Partner with engineering on secure design for AWS, Azure, identity, network, and data protection. • Direct security engineering operations. Manage EDR and threat detection with CrowdStrike, SIEM operations, CSPM posture management, vulnerability management, and SOAR automation. • Lead incident response readiness and execution. Run tabletop exercises, coordinate investigations, and deliver root cause and lessons learned. • Own and manage security budgets, multiyear planning, vendor contracts, and cost optimization while meeting control objectives. • Report program status and risk posture to executives and the board. Define and track KPIs and KRIs. Communicate clearly with technical and non technical stakeholders. • Establish and enforce secure software development practices and SDLC controls with engineering leadership. • Maintain a current security roadmap and maturity plan aligned to business priorities. • Oversee metrics, dashboards, and reporting for program performance and risk reduction. • Coordinate with Legal, Privacy, and Compliance on regulatory obligations and customer security assessments. • Champion security awareness training and culture, sponsor targeted training for engineering and high risk roles. • Evaluate, select, and manage strategic security vendors and platforms, drive successful implementations and integrations. • Represent security in customer meetings and due diligence, provide credible technical and compliance answers.
Job Requirements
- Minimum of 15+ years of progressive experience in information security or related fields.
- Minimum of 10+ years of management experience leading security teams, including people leadership and program ownership.
- Minimum of a Bachelor's degree in Computer Science, Engineering, Information Security, or related field.
- Relevant certifications strongly preferred. Examples include CISSP and CISM.
- Proven leadership of security programs at enterprise scale. Ability to set strategy, drive execution, and deliver measurable outcomes.
- Demonstrated expertise in governance, risk, and compliance programs, including driving the implementation of ISO27001, SOC2, or HITRUST certification.
- Experience with AI security risk management, data protection for AI use cases, and acceptable use guardrails for AI and large language models.
- Strong background in secure software development, application security, and SDLC controls, including threat modeling and secure coding practices.
- Hands-on knowledge of cloud security for AWS and Azure, identity and access management, network security, data protection, and key management.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Serve as the primary subject matter expert for Palo Alto Networks technologies (NGFWs, Cloud NGFW, Panorama), Web Application Firewall, Content Delivery Network, API Security, IDS/IPS, and DDoS prevention • Own onboarding, policy tuning, and lifecycle management for WAF and CDN platforms; lead firewall ruleset optimization, IDS/IPS tuning, and DDoS protection configuration • Partner with internal teams to drive the global rollout, tuning, and operational management of URL filtering and TLS decryption across the network estate • Lead API security efforts — ensuring API traffic routes through security tooling, identifying vulnerabilities, and working with application teams on fixes • Lead troubleshooting of complex, multi-layer global network and application issues — from packet captures on inter-continental BGP topologies to WAF false-positive triage • Partner with business and application teams to produce clear, actionable security documentation, change proposals, and executive-ready findings • Analyze existing network security architectures, processes, and procedures to identify gaps and drive meaningful improvements • Configure and report on defensive measures against advanced threat actor tactics; maintain current awareness of the evolving threat landscape and the effectiveness of our defenses against them • Communicate complex technical problems and solutions clearly to both global engineering teams and C-suite stakeholders • Champion the broader Security team’s initiatives, not just Network Security Engineering • Participate in the maintenance and tuning of all network security technologies including WAFs, CDNs, VPNs, and application-aware firewalls • Leverage and contribute to automation pipelines for global firewall rule deployment and policy management across the network estate • Utilize security tooling telemetry and data collection automations to produce actionable reporting and metrics for internal teams and executive stakeholders
Role Description The Senior Consultant, Application Security is a senior technical practitioner in IOActive's Application Security practice, with secure code review as the central specialty. The role centers on deep manual code audit work across web and systems languages, paired with application penetration testing, threat modeling, and Secure Development Lifecycle (SDLC) advisory engagements. - Code review engagements span the full landscape: - Source code reviews on production codebases for enterprise web applications, mobile backends, embedded systems, and cryptographic implementations - Application penetration testing against web, API, and mobile targets - Threat modeling for new product designs - SDLC advisory work helping clients integrate security into their development processes - The Senior Consultant brings particular depth in code review and broad competence across the adjacent work. Qualifications - 5+ years in offensive security services, with at least 2–3 years focused on application security and source code review - Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting - Deep code review expertise in at least two of: - JavaScript / TypeScript (Node.js, modern frontends) - Python (Django, Flask, FastAPI) - Java (Spring, J2EE) - C# / .NET (ASP.NET, Core) - C / C++, Rust, GoLang - Working knowledge of common framework patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the security pitfalls particular to each - Familiarity with vulnerability classes - Nice to have - Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM Requirements - Strong technical credibility and the comfort to operate as the senior voice on engagements - Excellent written communication — producing actionable reports for developers - Strong verbal communication, capable of presenting complex concepts to diverse audiences - Comfort moving between languages and stacks - Collaborative mindset — close coordination with delivery teams and client developers - Genuine curiosity about how systems work, and patience for reading code carefully Benefits - A chance to work with an industry leader in cyber security - Access to world-class technical teams and research - A high-energy, collaborative team that values innovation - Flexibility—work remotely or from the office as needed - Opportunities for travel - Competitive compensation and performance-based incentives - US base salary range $75,000 - $175,000, depending on experience level, background and location.
• Design, develop, and implement automations and workflows to improve security processes within security-oriented platforms and other IT platforms. • Build and optimize integrations between security tools/platforms. • Develop dashboards, reports, and technical documentation for stakeholders to track security operations deliverables, trends, and progress on security posture. • Support incident response and other security operations tasks through automation and orchestration. • Contribute to continuous improvement initiatives by applying DevOps and agile principles to security engineering tasks. • Collaborate with global teams to ensure alignment on security engineering, standards, and best practices.
• Avaliação de Arquitetura: Analisar e revisar arquiteturas de soluções OT, garantindo aderência às boas práticas de segurança cibernética. • Segurança de Equipamentos OT: Realizar avaliações de segurança em equipamentos como IEDs, PLCs, AMIs e dispositivos de campo. • Controles Cibernéticos: Desenvolver e implementar controles de segurança em ambientes OT, alinhados às normas e regulamentações vigentes. • Gestão de Vulnerabilidades: Identificar, classificar e gerenciar vulnerabilidades, garantindo ações corretivas em tempo hábil. • Monitoramento e Ferramentas: Configurar e operar ferramentas de IDS, antivírus e firewalls específicas para OT. • Análise e Troubleshooting: Realizar análise de pacotes e redes OT, solucionando problemas de desempenho e segurança. • KPIs e OKRs: Definir e acompanhar indicadores de desempenho e objetivos de segurança cibernética.
