We’re looking for a Chief Information Security Officer who lives and breathes web application and infrastructure security and wants to join one of Israel’s fastest growing startups. You will take on the paramount task of building a dedicated security team, reshaping our development lifecycle and leading the way in “everything security” from the perspective of making our product more secure and our work processes better. We value initiative and are eager to listen and learn from those who bring in new experience and value to our team, which is exactly what we expect from our new CISO.
Our Stack Ruby on Rails, Node.js, Elasticsearch, Redis, Memcached, MySQL, Docker, Kubernetes, AWS, Ansible, Terraform, Mac/Linux
The dedicated security team, led by the CISO, will be responsible for enhancing our security posture in a variety of fields and ways, evaluating it on a regular basis and offering their insights on what and how we should move forward. Among those:
● Reviewing and improving our cloud network and application architecture
● Integrating and operating new security solutions
● Coordinating penetration tests and bug bounty efforts
● Cooperating with the operation and legal team on security-related issues, including compliance and internal security
● Serving as a hub of knowledge for developers, infrastructure engineers and operation staff, and to the security engineers who make up the team
● Taking on hands-on tasks like adding new security features to our products
● Leading our ongoing efforts to improve our security on all fronts and wherever the CISO sees fit.
● You will get decisions using data in a fully transparent environment, where you'll be part of all aspect of the business.
● Part of your responsibility is to mentor your team in a way that will allow them to run fast forward, independently.
● You will be part of leadership, helping in creating our culture, processes etc. while we scale more than 300% YoY.
● Recruit top talented engineers.
- 4+ years experience as a Chief Information Security Officer or equivalent position
- Extensive knowledge of web security, based on the OWASP Top 10 security risks, impact and mitigation Extensive knowledge of network and cloud infrastructure security and best practices Familiarity with local security-related regulations and certifications (e.g. ISO 27001, SOC2, GDPR...) Cyber security certification (e.g. CISSP, GSEC, CEH, ECSS, CCISO...) - advantage DevOps and Infrastructure experience - advantage Ability to see the big picture and balance the needs of the product with security needs Team player, egoless, strong communication skills and empathy