Director, Proactive Security

Fullsteam is seeking a Director of Proactive Security to build and operate attack surface identification, vulnerability management, penetration testing, and secure software development programs spanning a large portfolio of technology companies. Since its founding in 2018, Fullsteam has rapidly grown by acquisition and consists of dozens of technology companies across multiple industries... Fullsteam is building and expanding security services across all acquired companies. Primary Responsibilities: ?? Build proactive security capabilities and gain adoption across Fullsteam Business Units. ?? Capabilities include: attack surface identification and monitoring, external and internal vulnerability scanning, infrastructure and application penetration tests, software security architecture and red team engagements. ?? Build and lead a globally distributed team of technical security professionals and specialized vendor engagements. ?? Define the software security strategy for Fullsteam Business Units. ?? Build and execute a repeatable and measured Software Security Program to achieve risk management outcomes. ?? Implement scalable enterprise software security services, including: secure architecture and software development training, secure architecture standards, secure code review standards, static code analysis processes, software composition analysis and 3rd party library management, dynamic analysis, web application firewall review and management, application and network penetration testing. ?? Lead and mentor offensive security engagements with Fullsteam Business Units, such as infrastructure and application penetration tests and red team exercises. ?? Manage external security testing vendors, including SAST, DAST, and penetration testing. ?? Participate in M&A due diligence assessments and integrations. ?? Coordinate assessment, testing, and risk management needs with stakeholders in Fullsteam Corporate and within Fullsteam Business Units. ?? Contribute to risk management and governance functions (e.g. manage risk register, gather key metrics). ?? Participate in other activities as needed: incident response consult, red/blue collaboration. Primary Qualifications: ?? Experience building and leading Proactive or Offensive Security teams. ?? Excellent track record of designing, implementing and operating secure software development controls across multiple development teams. ?? Experience performing penetration tests of web applications, APIs, and/or networks. ?? Experience testing and securing public cloud architectures. ?? OSCP or OSWE-equivalent certification preferred. Benefit Information: Fullsteam and its Family of Companies offers a competitive wage as well the following benefits: ?? Major Medical ?? Dental ?? Vision ?? 401k with Company Match ?? Paid Holidays ?? Personal Time Off ?? Employer Paid Short Term Disability & AD&D ?? Other employee paid supplemental insurances offered This position is 100% remote. The candidate would need to have a suitable work environment set up as their home office and be comfortable managing their own schedule in a non-corporate office environment. EEOC & ADA Statement: Fullsteam and its family of companies provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Fullsteam and its family of companies complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Fullsteam Human Resources. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Final candidate must be able to pass a background check

Apply Job!