Job Title: Chief Software Security Officer
The role of Chief Software Security Officer is a pivotal one, where you will have the opportunity to shape the security landscape of our software solutions. We are seeking an experienced professional who can drive our software security strategy forward, ensuring that our products and services meet the highest standards of security.
As a key member of our Product Security team, you will be responsible for defining and driving secure architecture practices, influencing engineering decisions, and helping shape the future of secure software development. Your expertise will directly contribute to protecting mission-critical infrastructure software used worldwide.
Responsibilities:
1. Lead the adoption and evolution of Secure Software Development Lifecycle (SSDLC) practices and standards across teams and projects.
2. Conduct security architecture and design reviews to ensure robust protection of applications and systems.
3. Drive and mature threat modeling practices across the organization, identifying and mitigating risks early in the development process.
4. Collaborate with empowered, cross-functional teams to embed security into the design, development, implementation, and verification of software.
5. Provide clear, actionable remediation guidance to developers and system administrators.
6. Support stakeholders in making informed, risk-based decisions that balance technical and business priorities.
7. Deliver training sessions and educational content to upskill developers and promote a security-first mindset.
8. Build and maintain tools and automation that enhance security workflows and reduce manual effort.
Qualifications:
* Approximately 7+ years of experience in software, with 4+ years focused on Application Security Architecture.
* Strong proficiency in securing cloud environments, ideally with hands-on experience in Azure.
* Proven expertise in threat modeling complex software systems.
* Solid foundation in software development, with the ability to read, write, and audit code across multiple languages.
* Deep understanding of OWASP Top 10, SANS Top 25, and common security vulnerabilities.
* Experience with containerization and orchestration tools such as Kubernetes, Docker, and Istio.
* Ability to deconstruct complex systems to identify potential threats and weaknesses.
* Exceptional communication skills—able to clearly articulate technical risks to developers, engineers, administrators, and leadership.
* Demonstrated ability to learn quickly, research new topics, and adapt to evolving technologies.
* Strong problem-solving skills and a proactive approach to tackling security challenges.
* Ability to make balanced, unbiased decisions that consider both technical risks and business impact.
Bonus Skills That Set You Apart:
* Knowledge of OAuth/OpenID Connect and modern authentication protocols.
* Familiarity with web technologies including JavaScript, HTML5, HTTP, REST, and related protocols.
* Proficiency in one or more programming languages/platforms such as .NET Core, C#, Java, TypeScript, C/C++.
* Certifications such as CISSP or CCSP are a strong plus.