Lead Software Security Engineer
Mirum's US Technology team is looking for a self-motivated, experienced, and resourceful security professional with the energy and drive to join and lead the security team. Candidates should be passionate about current web technologies, and upcoming technology trends (IOT, Serverless, Headless, etc.), making what's next, and being an evangelist of good security hygiene for the agency.
- Lead the U.S. based Mirum security team.
- Execute security reviews of software designs, software systems, development tools, hosting infrastructures, etc.
- Help the development teams translate security controls into actionable tasks or solutions.
- Collaborate daily with Mirum's skilled and dynamic development teams.
- Configure and execute automated security scans and vulnerability assessments.
- Detect, report, and work with contracted service providers to remediate issues in tools and services used at Mirum.
- Monitor and be aware of vulnerabilities disclosed for systems and platforms used by the development teams.
- Integrate with the Software teams to build automated security solutions into developer, libraries, tools, and processes to improve security while minimizing the impact on the development teams.
Skills and Requirements:
- 5+ years of experience as a Security Manager, Security Engineer, Security Analyst, DevSecOps Engineer, or comparable security role.
- Experience managing a small team of developers or security professionals.
- Experience analyzing software designs and implementations for security flaws.
- Ability to provide and explain practical and cost-effective solutions to security flaws and controls.
- Ability to work with teams across offices and regions globally.
- Competency in at least one programming language (preferably a web-friendly language such as C#, PHP, Python, Ruby, etc.).
- Experience working with at least one cloud services PaaS (AWS, Azure, Google Cloud, etc.).
- Awareness of current threats and vulnerabilities.
- Familiarity with the OWASP Top 10 and the ability to craft a proof-of-concept attacks against these vulnerabilities in the real world.
- Awareness of security frameworks and security controls sets for common frameworks like PCI-DSS, NIST 800.53, HIPAA, etc.
- Positive attitude, friendly demeanor, patient, and strong communication skills.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law