Chief Information Security Officer

Vimeo supports over 287M users, 1.6M+ paid subscribers, and 100B+ video views. We are hiring a CISO to build and evangelize a comprehensive security practice across all parts of Vimeo. The role will lead teams across application security, infrastructure security, compliance, IT, and security engineering. The CISO will interact with Vimeo's Board and Executive team, and will represent security practices and concerns to internal teams, vendors, and clients.

What you'll do:

Assess the current state of Vimeo's security practices, highlighting areas for immediate and long-term changes
Build an Enterprise Product Security function from the ground up with developers that will protect our Enterprise users
Develop Vimeo's security roadmap throughout our security engineering practice, building a strong security engineering function to effectively identify vulnerabilities before production and investing in automation and machine learning techniques where possible
Manage & provide actionable insights to engineering from HackerOne, pen tests and PCI compliance reports
Ensure risk controls are implemented and fully monitored throughout our system lifecycle
Evangelize security-first practices, policies, and procedures across the broader company - particularly all teams building code - and ensure updated documentation and processes to address vulnerabilities in production
Oversee Vimeo's security Governance, Risk and Compliance programs
Own all Security Events and Incident Management (SEIM)
Set the vision of the IT Employee Experience department with a clear roadmap
Stay abreast of the shifting security landscape, and communicate across Executive teams to ensure alignment

Skills and knowledge you should possess:

10+ years of experience in information security, preferably at a B2B SaaS company
5+ years of experience managing medium to large security teams
Degree in Computer science or an equivalent related technical field
Ability to collaborate across teams, drive initiatives forward, and influence the business
Proven experience hiring security professionals and building a safe, collaborative, high performing Engineering department and culture
Values and celebrates teams comprised of diverse perspectives
CISSP, CISM, or other similar security certification(s), as well as the ability to drive technology compliance and certification efforts with our sales, legal and compliance functions
Knowledge of and passion for emerging security technologies and products, such as Prism, Threat Stack, WAF, and GCP tools to support threat management
Familiarity with GDPR, experience in a UGC (user generated content) environment a plus
Demonstrated ability to set the vision of Workforce security

Principal Security Engineer – Strategy

Indeed

Your Job

As a Principal Information Security Engineer you will present your technical expertise balanced with common sense and an understanding of the Indeed enterprise. While you will always encourage your fellow team members, your customers, and Indeed’s clients to do “the right thing” based on data from the tools and processes you build that support the established policies and standards, you recognize that issues, risks and solutions are colored in shades of grey.

You provide just a part of security to the enterprise that depends on tight coordination and constant communication with other parts of the security organization and, most often, with other parts of Indeed.

A Security Engineer is a life-long learner. You may be an expert in one domain, but always seeking clarity in others. You tinker at home in security domains that may have nothing to do with your role, but you share that expertise with your team and your customers.

Responsibilities

Serve as the lead technical advisor to the Director of Security Strategy & Planning
Facilitate the implementation of Security controls.
Participate in the development and review of the cybersecurity and privacy program, including policies, standards, and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness.
Develop, report, and monitor cybersecurity measures of performance (e.g., Key Performance Indicators, Key Risk Indicators)
Develop and deliver ongoing cybersecurity and privacy education and training for organizational personnel, in collaboration with the Security Awareness program
Maintain currency with recommended cybersecurity and privacy practices, techniques, and technologies
Contribute to Indeed’s knowledge through documentation, awareness content, and other inter- and intra-team activities.
Stay up-to-date with trends in the information security community including new vulnerabilities, methodologies, and products.
Provide technical consultation to Risk Management and Compliance processes, including (but not limited to) providing technical input to risk assessments as needed, and identifying compensating countermeasures to reduce risk and exposure to threats.
Contribute to the development of Business Impact Analysis (BIA), plans for Supply Chain Risk Management, and Data Protection Impact Assessments (DPIA)

Who You Are

10+ years experience as a Security Engineer or Architect in a dynamic and responsive enterprise-level security function, in a rapidly growing and changing technical environment
Documented evidence of professional competence, as demonstrated by industry recognized certifications such as OSCP, OSCE, CISSP, or CISM, or other evidence of successful performance
5+ yrs. experience in open source development environments and on-premises and cloud based infrastructure platforms
Experience at least five (5) security domains such as: Incident Response, Application Security, Infrastructure Security, Endpoint Security and Response, Detection Engineering, Network Security, Cloud Security, Compliance, Governance, Cryptography, IAM, Privacy, Risk Management, Threat Intelligence, Offensive Security/PenTesting, or Red Teams.
Solid understanding of, and experience with, a mature Security program, including identification and implementation of controls frameworks
Demonstrated interest and engagement with the larger security community
Demonstrated understanding of Risk Management and Compliance frameworks
Demonstrated experience developing and delivering written and verbal Security awareness content

Who we are

We are builders, we are integrators. We create and optimize solutions for a rapidly growing business on a global scale. We work with distributed infrastructure, petabytes of data, and billions of transactions with no limitations on your creativity.

Our Mission

As the world’s number 1 job site*, our mission is to help people get jobs. We strive to cultivate an inclusive and accessible workplace where all people feel comfortable being themselves. We’re looking to grow our teams with more people who share our enthusiasm for innovation and creating the best experience for job seekers.

Security Analyst

Optiver US

Optiver’s Cyber Security team defines and drives the firm’s approach to information security: setting standards, implementing defenses, training users, and responding to incidents. Our cross-disciplinary approach allows us to make the best choices in the context of all our systems and processes, finding optimal solutions for the needs of the business while achieving an effective security posture.

We are looking for candidates with a technical background, who are driven to solving security problems, with strong attention to detail, and who have a willingness to learn and adapt.

What you’ll do:

Monitor and react to security events
Define and implement security policies, procedures, and technologies
Track general developments in computer security, and plan the firm’s response
Provide security expertise and advice to other teams within the company
Define best practices cybersecurity training for employees
Collaborate with other operations, development, and trading teams to solve business challenges
Work at a technology-driven company where you can make an immediate impact

What you’ll need:

Bachelor’s Degree
Broad understanding of and deep interest in computer security
Maintain good cybersecurity practices in your own personal life
Good communication skills, and the ability to explain security best practices to a non-technical audience
General understanding of computers, networks, operating systems, applications, and the web
An engineering mindset when approaching new problems
Willingness and aptitude for learning new skills and adapting to new technologies
Proficiency with programming or scripting a plus
Knowledge of finance or trading is not required
Legal authorization to work in the U.S. is required; we will not sponsor individuals for employment authorization for this job opening

Who we are:

Optiver is a leading proprietary trading firm using technology to provide the most up-to-date and competitive prices in financial products around the world. Put simply, we improve the markets. Achieving this requires excellence in everything we do. That’s not merely an aspiration, but our reason for being.

We’re seeking people who up the ante with nerve, with guts and, most importantly, with heart. We’re looking for the bold. Does that describe you? Then opt in.

Cyber Security Analyst

Data Innovations, LLC

Full Job Description

The Data Innovations Cybersecurity Analyst has a passion for cybersecurity and will collaborate with development to ensure security risks are identified, analyzed and mitigated within the Data Innovations product portfolio. In addition, this is a key role in helping to establish a cybersecurity governance program, collaborating with stakeholders across all business units. This role will also participate in the strategic planning and implementation of the cybersecurity program for Data Innovations including helping to achieve compliance with SOC2, ISO 27001 or other standards as needed.

Essential Functions and Responsibilities:

Responsible for planning, organizing, and executing vulnerability scanning across all products.
Collaborate with development to drive progress towards a model of continuous integration and continuous delivery of vulnerability scanning.
Report all vulnerability findings to development and collaborate with engineers to provide guidance on remediation or mitigation of the findings.
Establish metrics and Key Performance Indicators (KPIs) and lead regular security reporting.
Work closely with the Director of Software Quality Assurance to define and implement process and security program improvements.
Assist in the creation and maintenance of the application Threat Models.
Participate in vendor and tooling selection evaluation and provide recommendations to management for scanning solutions as well as Manual Penetration Testing providers.
Implement selected tooling and coordinate Manual Penetration Testing with the vendors across the products.
Review security documentation and product architecture documents to determine security status of products and applications including Cloud products.
Perform security audit and compliance tasks for all applications.
Assist in the response and completion of security questionnaires from customers.

Requirements

Knowledge, Skills, and Abilities:

Understanding of security best practices, standards, and compliance initiatives
Strong critical thinking and analytical skills
Experience with cloud computing
At least 1 year of experience with Threat Modeling.
2 years of experience with vulnerability scanning, remediation and mitigation.
2 years of experience with commercially available and open-source vulnerability scanning tools
Excellent communication skills and ability to work with individuals and teams across departments.
Experience in regulated industry preferred
Cybersecurity or information security certificates preferred

Education and/or Experience

Bachelor’s Degree in Computer Science or Information Technology, or related discipline OR at a combination of education and related working experience from which comparable knowledge and skills can be acquired.

Sr. Staff Security Engineer

The Walt Disney Company (Corporate)

The Sr. Staff Identity Architect will be responsible for the complete architecture & engineering components of the entire Identity Management Domain, with a focus on consumer Identity while also supporting Workforce Identity. In this role, they will provide architecture direction, design and implementation consultation as well as security controls and policy criteria and establishment. Key areas of focus will include Authentication & Authorization, Federation, Privileged Access Management, provisioning & governance of identity and identity data. The role will be responsible for documenting, designing and maintaining IAM architecture and how all functions, technologies, and services fit together. They will also be responsible for leading cross organizational and department interactions on engineering and architecture use cases that both impact IAM as well as where IAM will impact other services and technologies. This role will also be responsible for identifying, evaluating and participating in decision making around new and emerging technologies and directional changes in the IAM space and how they will be leveraged and impact TWDC both in the consumer as well as workforce areas.

This role will also be directly responsible for engaging and partnering with multiple groups across TWDC to advance the CIP strategy.

Responsibilities:

Partner and establish a practice around consumer Identity Security Architecture and a strategy to achieve it.
Engage in BU architecture and engineering design and reviews of both technical and process design and implementations
Define and drive policy definitions and enhancements, as well as risk identification and remediation direction for identified identity security gaps
Set direction and establish a broad companywide reference architecture with a security focus that aligns to the consumer identity business and technical strategy as well as adapts to growing industry changes
Provide subject matter expertise and consultative services across the technology and business environments in the practices and design requirements around IAM
Provide technical leadership and oversight to the broader Identity architecture and other architecture teams

Basic Qualifications:

Minimum 10 years in information security organizations
5+ years of success architecting & designing Identity platforms and services within large organizations with a focus on Consumer Identity / Consumer Data Protection
Proven technical knowledge to expand and mature services while delivering sustained success
Proven record of delivering business critical projects within challenging time frames, multiple stake holder groups and competing priorities
Broad and detailed understanding of IAM both as it relates to consumers as well as workforce
Understanding of overall security landscape including concepts around governance, compliance, security controls
Detailed understanding of IAM concepts such as AuthN/AuthZ, federation, access management etc.
Experience in areas such as device management & protection, data management, process and control frameworks
Training: CISSP or equivalent

Required Education

BA/BS in business or computer science or appropriate work experience

Preferred Education

Masters in Computer Science/Cyber Security or appropriate work experience

Principal Security Engineer – Identity and Access

Amazon.com Services LLC

BS in Computer Science or related field, or equivalent work experience
10 + years of experience in identifying security issues and risks, and developing mitigation plans
4+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages
2+ years of threat modelling, pen testing, and / or performing vulnerability assessments.
2+ years of experience in identity and access management (IAM).
Strong information security risk-based prioritization abilities.

Amazon Customer Service is one of the largest customer service organizations in the world. Our tens of thousands of Customer Service Associates around the globe provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).
The Customer Service Identity and Access Management (CSIAM) team is looking for a motivated and highly-skilled Principal Security Engineer, who exhibits a passion for security, and a desire to innovate to protect customer data and Customer Service applications and capabilities. Customer Service is core to our brand, and we are in the critical path of virtually every initiative across all of Amazon. CS Security is responsible for driving innovative enhancements that raise the bar for how customers, Customer Service Associates, and Amazonian interact with Customer Support resources, systems, and data. This team dives deep into security technologies such as new threat detection technologies, access control systems, endpoint security, and the security of new services and business models. The objective of this program is to define the innovative preventative, detective, and monitoring mechanisms to enable security at scale.

This role is the primary Identity and Access Management security engineer responsible for the security vision and thought leadership for the CSIAM organization. The successful candidate is one who has a combination of troubleshooting, technical, and communication skills, to enable the design and delivery of multi-year plans, product and software development to enable innovative and custom solutions for Authentication and Authorization across the World Wide Customer Service suite of tools. A Security Engineer at Amazon is expected to be strong in multiple domains and provide solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are expected to mentor more junior engineers; identify and prioritize organizational needs; and ensure that delivered solutions successfully raise the security bar.

The successful candidate will foster constructive dialogue and collaboratively seek resolution when confronted with discordant views. Engineers in this role participate fully in the planning of the CS Security team’s work and constantly seek opportunities for process improvement.

Strong creative thinking and analytical skills to proactively identify security needs across the Customer Service organization
Strong social skills for building partnerships and rapport to communicate and mitigate risks.
Strong information security risk-based prioritization abilities.
Experience collaborating with agile software development teams to integrate security requirements with the software development lifecycle
Have experience generating automated metrics to measure service and program effectiveness and consistency
Have excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
Demonstrable teamwork skills and resourcefulness
Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
Strong sense of ownership, urgency, and drive
Sharp analytical abilities and proven design skills
Be a good human who enjoys working with a fun team

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us