Job Description
Company Description
Zayo provides mission-critical bandwidth to the world's most impactful companies, fueling the innovations that are transforming our society. Zayo's 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo's communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.
We are seeking an experienced and knowledgeable Director of Application & Product Security. This position is responsible for overseeing the development, implementation, and management of current and new application security capabilities. The Director of Application & Product Security will provide strategic direction, leadership, and operational excellence to protect our organization from cyber threats and ensure the security of our products throughout their lifecycle. The ideal candidate will have a deep understanding of cybersecurity principles, extensive experience in security program management, and a proven track record of success in leading cross-functional teams.
Responsibilities:
Static Code Analysis (SCA): Establish and maintain a comprehensive static code analysis program to identify and address security vulnerabilities and coding errors in our software code.
Dynamic Code Analysis (DCA): Lead efforts to assess the security of running applications and services through dynamic code analysis, identifying and mitigating security weaknesses.
Container Security: Develop and implement robust container security practices, including securing container images, managing container runtime security, and enforcing access controls.
Bug Bounty: Establish and manage a bug bounty program to engage external security researchers and ethical hackers in identifying vulnerabilities in our products, overseeing the responsible disclosure and remediation process.
Penetration Testing: Coordinate and oversee penetration testing activities to evaluate the security posture of our products, ensuring comprehensive assessments and providing recommendations for improvement.
Vulnerability Disclosure Governance: Develop and maintain a vulnerability disclosure governance process, facilitating responsible vulnerability disclosures, coordinating communication with external researchers, and overseeing the remediation efforts.
API Security: Implement and enforce API security measures to protect the integrity, confidentiality, and availability of our product's application programming interfaces (APIs).
Developer Security Training & Awareness: Establish comprehensive security training and awareness programs for developers, promoting secure coding practices, and ensuring adherence to security standards throughout the development process.
Secure Development Lifecycle (SDL): Drive the integration of security considerations and practices into the product development lifecycle, including requirements, design, coding, testing, and deployment.
Product Security Governance: Define and enforce policies, standards, and guidelines for product security, ensuring compliance with relevant regulations and industry best practices.
Incident Response and Vulnerability Management: Develop and implement processes and protocols for effective incident response and vulnerability management in collaboration with cross-functional teams.
Security Architecture and Design: Collaborate with product development teams to incorporate robust security controls and mechanisms into the architecture and design of our products.
Security Testing and Validation: Oversee comprehensive security testing activities, including code reviews, security assessments, and security-focused quality assurance (QA) testing.
Security Compliance and Audit: Ensure our products meet relevant security compliance requirements, actively participate in security audits and assessments, and drive ongoing compliance efforts.
Experience and Education Requirements:
Bachelor's degree in computer science, cybersecurity, programming, database administration, or a related field.
Possession or progress towards certifications such as CISSP, CISM, ISC2, ISACA, SANS GIAC, CompTIA, ITIL.
Minimum of 9 years of experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management.
Extensive experience in product security, with a focus on managing security programs in a leadership role.
Demonstrated experience in overseeing static and dynamic code analysis, container security, and vulnerability disclosure governance.
Familiarity with bug bounty programs and penetration testing methodologies.
Knowledge of API security and secure software development life cycle (SDLC) practices.
Excellent leadership and team management skills, with the ability to inspire and motivate cross-functional teams.
Strong communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
If you are a highly skilled and experienced security professional looking for an exciting leadership opportunity, we encourage you to apply for the position of Director of Application & Product Security. Join our dynamic team and play a pivotal role in protecting our organization's assets and ensuring the security of our products.
Benefits, Rewards & Wellness
Excellent Health, Dental & Vision Insurance
Retirement 401(k) Savings Plan
Fitness membership discounts
Generous paid time off policy including paid parental leave
Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Zayo is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. EEO IS THE LAW. Zayo invites any applicant and/or employee to review the Company’s written Affirmative Action Plan. This plan is available for inspection upon request by emailing our People Ops team.