Senior Security Architect - Security Development Lifecycle

Seattle
Do you have a passion for securing cloud native environments? Are you interested in creating and defining industry-leading standards and patterns? Would you like the opportunity to work with a world-class engineering team, to train, mentor, and grow a security-oriented development culture? Outreach needs a Sr. Security Architect who can help set the standards and direction for Outreach’s security development lifecycle (SDL) program.
In this role you will play an integral and defining role in the Outreach Security Program. The ideal candidate will take ownership of the management and ongoing improvement of the processes and technical security controls used by our engineering teams to securely develop industry-leading products.
Starting day one, you will be working with leadership and engineering partners from across our organization, external auditors, and at times, directly with our customers. You will help train and collaborate with engineers to design and implement processes in our CI/CD pipeline to reduce the chance of vulnerabilities in our production code. The ideal candidate will develop a mix of technical, engineer-focused training and awareness materials and, drawing on an in-depth understanding of process management and available technologies, will lead the definition of the right security engineering baselines and measurements for SDL effectiveness. Candidates will be expected to demonstrate:
1. Technical Fluency - A passion for security and technology, familiarity with DevOps methodology, SaaS and cloud security solutions and standards, and microservices architectures.
2. Advisory Skills - Giving direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams with which they engage.
3. Execution - Planning, coordination, managing dependencies and risks, diving deep when issues arise.

Your Daily Adventures will Include:

As a Sr. Security Architect focused on the security development lifecycle, you will be responsible for:
  • Developing and managing a secure code training program to ensure engineers understand security best practices and techniques when writing code in a cloud native SaaS environment.
  • Research the threat landscape and regulatory considerations applicable to Outreach’s business and recommend security solutions to address known (and potential) threats and risks by identifying and implementing appropriate engineering security requirements.
  • Identifying the minimum acceptable levels of security quality and integrating these metrics into existing automated engineering measurements.
  • Conducting threat models and training engineers to utilize threat modeling concepts and other standard evaluation practices to identify and prioritize risks and potential vulnerabilities and, in collaboration, define possible mitigations.
  • Develop, document and manage the security standards and design patterns used by all engineers to deliver consistent, secure features and code.
  • Managing a process to inventory and assess the risk of third-party components and their dependencies and vulnerabilities.
  • Managing the security tools used by engineering to perform security checks, including static and dynamic analysis security testing to analyze source code and run-time verification of compiled code.
  • Reviewing the operating effectiveness of current engineering controls and developing a program of continual optimization based on feedback from both the security and engineering teams.
  • Incorporate our Bug Bounty program deeper into our engineering processes to ensure security bugs are triaged, ticketed and resolved in a timely manner. 
  • Ensuring cross-company collaboration by establishing a strong partnership between security and engineering teams with the overarching goal of improving trust in Outreach and its products.
  • Successfully running the Outreach Security Development Lifecycle program.

Qualifications

Successful candidates must have the following skills, experience, and qualifications:
  • A minimum of 5-7 years experience as an application security architect or principal engineer where you managed, defined, measured and/or operated a security development lifecycle program for a technology company.
  • Extensive information security development program experience including threat models, secure coding best practices, finding vulnerabilities and secrets in code, and coordinating appropriate remediations in a cloud native SaaS environment.
  • Experience creating reference architectures and reviewing engineering specs and data flow application diagrams for security weaknesses. 
  • Experience performing code review for security vulnerabilities.
  • Direct experience in interpreting and incorporating industry and regulatory vulnerability standards into operational programs (e.g., OWASP Top 10, MITRE ATT&CK).
  • Demonstrated success working with engineers and technologies in cloud native, DevOps environments (including CI/CD pipelines, microservices, and infrastructure as code).
  • Significant experience in partnering and collaborating with individual engineers, as well as creating formal documentation assets to summarize and represent program effectiveness to executive leadership.
  • Experience evaluating, selecting and implementing third-party programs and services to support a successful SDL program.
  • Experience training and mentoring peers with application security skills and best practices.
  • Ability to analyze problems and make appropriate decisions quickly.
  • Ability to drive large, complex programs and solutions using both direct and virtual teams.
  • Excellent interpersonal and management skills.
  • Strong written and verbal communication skills.
  • Ability to work flexibly and independently to achieve results within the dynamic Outreach culture.
  • Ability to maintain extreme confidentiality.

Why You’ll Love It Here
• 100% medical, dental, and vision coverage for full-time employees
• Flexible time off
• 401k to help you save for the future
• Company-organized and personal paid volunteer days to support the community that supports us
• Fun company and team outings because we play just as hard as we work
• Diversity and inclusion programs that promote employee resource groups like OWN (Outreach Women's Network)
• A parental leave program that includes not just extended time off but options for a paid night nurse, food delivery, gradual return to work, and the Gottman Institute's Bringing Home Baby course for new parents
• Employee referral bonuses to encourage the addition of great new people to the team
• Plus, unlimited snacks and beverages in our kitchen
• We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status


Technology we use

  • Engineering
    • Golang (Languages)
    • Javascript (Languages)
    • Python (Languages)
    • Ruby (Languages)
    • Elixir (Languages)
    • React (Libraries)
    • Redux (Libraries)
    • Hadoop (Frameworks)
    • Node.js (Frameworks)
    • Ruby on Rails (Frameworks)
    • Spark (Frameworks)
    • MySQL (Databases)
    • Redis (Databases)

Location

Our Lower Queen Anne office is located along the beautiful Elliott Bay waterfront north of Belltown, near Myrtle Edwards Park.

What are Outreach Perks + Benefits

Culture

  • Volunteer in local community: Outreach organizes quarterly events for employees to volunteer together in the community. We also offer paid time off for volunteer days.
  • Friends outside of work
  • Eat lunch together
  • Intracompany committees: Outreach offers amazing groups such as OWN (Outreach Women's Network), Gals & Sals, and a Diversity & Inclusion committee that offer networking and development opportunities, and host fun events.
  • Daily stand up
  • Open door policy
  • Team owned deliverables
  • Team based strategic planning
  • Group brainstorming sessions
  • Pair programming
  • Open office floor plan

Diversity

  • Diversity manifesto

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance: All employees receive a basic life insurance plan at the $100,000 level. Employees can elect voluntary life insurance if they would like additional coverage beyond the $100,000 level.

Retirement & Stock Options Benefits

  • 401(K)
  • Company Equity

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule: Acme Co. provides employees with a flexible work schedule that includes flexible start and end times.
  • Family Medical Leave
  • Return-to-work program post parental leave

Vacation & Time Off Benefits

  • Unlimited Vacation Policy
  • Generous PTO: Outreach offers unlimited PTO.
  • Paid Volunteer Time
  • Paid Holidays
  • Paid Sick Days: Outreach offers unlimited PTO.

Perks & Discounts

  • Beer on Tap
  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Stocked Kitchen
  • Happy Hours
  • Parking
  • Pet Friendly
  • Relocation Assistance

Professional Development Benefits

  • Job Training & Conferences
  • Diversity Program
  • Lunch and learns
  • Cross functional training encouraged
  • Promote from within