Job Specifications
We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd; visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.
We are seeking a hands-on, technical security leader. You bring experience building security monitoring and reference architectures, deploying tools, integrating platforms, assessing modern cloud-native applications and infrastructure, and leading teams that execute that mission successfully. You lead with an open mind and a can-do attitude, seek truth and alignment over winning arguments, and see incident response as an opportunity to learn, grow, and improve partnership across our global teams.
Program Leadership
Define the cyber security strategy for Bugcrowd and identify areas for improvement based on the threat landscape, internal risk tolerance objectives, and compliance objectives.
Ensure the technical aspects of vendor acquisitions and tools are safe for Bugcrowd's use, together with the IT and compliance teams.
Assess corporate technology systems and determine the strategy for changes, enhancements and improvements from a cyber security perspective; recommend and implement the same.
Carry out the cyber security strategy of Bugcrowd, proactively improving the security posture over time.
Work with GRC to design, develop, implement and coordinate policies and procedures for compliance with SOC 2, NIST SP 800-53 Rev. 4, ISO 27001, ISO 27018, and FedRAMP.
Represent Bugcrowd in internal and external audits for SOC 2, ISO 27001, and ISO 27018.
AppSec and Product Security Leadership
Manage Bugcrowd's own bug bounty program, ensuring it sets a standard that clients can aspire to when running their own bounty programs.
Analyze new features prior to development or launch to ensure the security measures in place are sufficient for the project (security architecture and security testing).
Manage the access controls for Bugcrowd's production codebase (GitHub).
Review and approve authorization requests for access to production data (AWS, GitHub, Tableau, etc.).
Perform regular audits of Bugcrowd's cloud infrastructure and help with the architecture of any cloud solutions from a security perspective.
Manage and audit all vulnerability scans (internal and external) of Bugcrowd's systems (Qualys and Nessus).
Proactively test pull requests and production systems to identify issues (code review and penetration testing).
Automate security tasks to proactively identify and fix security issues within Bugcrowd (Python, Go, JavaScript, Ruby).
Perform configuration management for all Bugcrowd systems (IT and cloud).
Perform code audits on new features, patches, and similar changes.
Security Operations, Detection and Incident Response
Perform incident response (IR) for all parts of the business (on-call 24x7) and conduct root cause analysis on incidents so they can be properly mitigated in the future. Help develop an Incident Response Plan (IRP) based on these incidents.
Conduct threat intelligence research to proactively find issues relating to Bugcrowd's security posture.
Plan the implementation of security controls together with the required teams (infra, eng, secops, IT, compliance, Researcher Success (RS), etc.).
Monitor the security controls for all of Bugcrowd's systems (SIEM usage) and build a team to do the same.
Perform malware analysis on suspected malware when forensic requirements arise during IR.
Coordinate red team engagements against Bugcrowd and implement security controls to mitigate any issues found.
Develop security awareness materials for all roles within the Bugcrowd organization.
Assist the Legal team with GDPR-related issues raised by researchers and programs.
Management and Team Leadership
Run tabletop exercises within the Bugcrowd organization to ensure the organization is prepared for future threats.
Assist with business continuity testing, since the internal cyber security team plays a major role in the process.
Present findings and observations to the ISMS committee.
Represent the technical controls and engineering areas within the ISMS committee (a requirement of ISO 27001).
Supervisory Responsibility
Lead and manage a team of internal cybersecurity professionals.
Train and grow the securit
About the Company
We are a crowdsourced security company that safeguards organizations' assets from sophisticated threat actors before they can strike, by uniting our customers with trusted hackers via our AI-powered platform to take back control and stay ahead of attackers. Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners.