Director of Information/Product Security Lookout
San Francisco, CA

Job Description

Lookout is a cybersecurity company for the post-perimeter, cloud-first, mobile-first world. Powered by the largest dataset of mobile code in existence, the Lookout Security Cloud provides visibility into the entire spectrum of mobile risk. Lookout is trusted by hundreds of millions of individual users, enterprises and government agencies and partners such as AT&T, Verizon, Vodafone, Microsoft, Apple and others. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, India, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.

Lookout is a modern startup for the modern world, run by apps! As part of Lookout's engineering team, you will have an opportunity to take on some of the most interesting challenges in one or more core areas of intellectual property and fundamental building blocks that form Lookout's category-defining Personal and Enterprise products. In order to tackle these challenging problems, you must be open-minded to explore new areas as well as evolve key existing systems, such as high scale cloud systems, mobile platforms(iOS/Android) development, detection engines, analysis systems cloud backend micro-services, front-end/UI, Data Engineering, Machine Learning, Threat research and CI/CD. If you enjoy building cutting edge products leveraging the latest technologies, tools and development methodologies, and want to make an immediate impact through your work, come check us out.

About the job:

Lookout's users and product developers trust our Information Security team to provide them with the most secure experience. Lookout is seeking a highly motivated and innovative leader to secure our global production and corporate environments. You will lead our devsecops programs and be responsible for securing our global footprint. You will also be responsible for establishing the internal security controls that will ensure that our employees' and customers' data remains protected against the attacks that target us on a daily basis. will have incredible communication skills and experience analyzing products from a security perspective.

You immerse yourself in all aspects of security, especially as it relates to building secure microservice-based cloud products, DevSecOps and stopping attacks in the cloud. You are looking for an opportunity that will challenge you to expand your and your team's skills and creativity. You are ready to face a wide range of security and compliance questions. Production servers, networks, endpoint devices, and data are safe in your hands. You are a subject matter expert who wants to implement tactical solutions and contribute to innovative solutions to big picture issues securing a microservices-based cloud environment at scale.

What you need for this position:

* Experience building a security program that integrates tightly with a distributed development team of 150+ engineers who are deploying code rapidly while also maintaining our ISO, Fedramp and other compliance initiatives
* Understand how a security program should be structured, executed, and managed in that environment including: Developer training, application security, security architecture, audit, compliance, detection and response.
* You are excited about the challenge of recruiting, leading and managing a global team of 7-10+ top-notch AppSec and Infrastructure Security Engineers
* Deep understanding of large scale distributed application security best practices and common vulnerabilities
* Understanding of the secure data storage, management, and best practices in applied cryptography.
* Experience with high-performance, open source web application technologies and management of access to the data centers, ensuring appropriate access and reporting to management about data center
* Ability to partner with key stakeholders across Engineering, IT, Operations, Compliance and Product in order to drive key business initiatives.
* Strong leadership skills and team building skills
* Excellent written & communication skills

Responsibilities:

You'll be tasked with improving security across all aspects of Lookout. The infrastructure, mostly in Amazon Web Services, will run complex highly security-sensitive services, and at significant scale. You will be challenged every day.

* Push the boundaries of security technology to create defenses for large scale production infrastructure and networks.
* Provide subject matter expertise on network architecture, DevSecOps, building secure software and implementation security controls in an Agile environment
* Perform security assessments of production, corporate and cloud infrastructures
* Define and implement network access control policies, automation and technical controls
* Harden our infrastructure from attack by implementing strong Agile Security Development Lifecycle (SDL) tools and processes
* Define and implement innovative monitoring and alerting systems to enable detection of intrusions
* Provide training to engineering teams on application security related topics.
* Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
* Evangelize security within Lookout.
* Create services and tools to manage the security of our infrastructure
* Contribute to the creation & implementation of Security Strategies

Requirements:

* BS in Computer Science, Computer Engineering or Electrical Engineering
* 8 + years of practical experience with security architecture, design and implementation in large scale products and cloud infrastructure
* Experience in a DevOps and Security (DevSecOps) focused environment
* Understanding of relevant compliance and certification frameworks including ISO 27001 & 27018, Fedramp, HIPAA, GDPR and NIST Cybersecurity Framework
* Hands on experience with AWS and AWS security controls (IAM, Lambda, GuardDuty, CloudTrail, KMS)
* Experience with writing and using network automation tools, and scripting languages (ruby/python preferred)
* Software development experience, and deep familiarity with Secure Development Lifecycles
* Expert knowledge of Linux operating systems
* Security Certifications are a plus
* Familiarity with compliance frameworks and standards (FedRamp, PCI, etc.) is preferred

Desired qualifications and skills:

* 10+ years of experience in security leadership roles, with specializations in application security / secure development (i.e. code reviews, application penetration testing, security engineering) and/or threat detection and response
* An expert in two or more of the following domains: authentication/IDM/IDP, security protocols, application security, mobile application security, cloud based services, threat detection / hunting, incident response and threat modeling.
* Some understanding of securing a cloud-oriented product landscape developed in modern languages (e.g. Ruby, Java, NodeJS, Python, etc)
* Excellent written and verbal communication skills.
* Excellent teamwork and leadership skills.