The Zwift Information Security Team is looking for a Principal Information Security Engineer to help build and grow product security within service and engineering teams and address both deeply technical and programmatic security issues. This individual will set the vision for security engineering projects as well as mentor and cultivate our DevSecOps culture. The role requires partnering with project stakeholders to define key security metrics, identify, prioritize, and manage risk, and help to build world-class security engineering teams in a fast-paced, cloud-based containerization environment. You will coordinate and influence cross-functional engineering and integration teams to provide security consultation throughout the organization.
Successful Principal Information Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and comfortable navigating ambiguity. You should have strong problem-solving skills, excellent interpersonal skills, a deep technical understanding of modern web applications, client/server applications, and containerization-based security threats, strong scripting and automation skills, and the desire to be an individual contributor to securing Zwift enterprises, services, and products.
What you’ll do:
- Align security strategy with business objectives and facilitate broad communication across the organization.
- Identify key security controls and team metrics and design security policy and enforcement strategies.
- Mentor security and engineering team members and build open, informative, and collaborative relationships.
- Establish security analytics and monitoring capabilities for consumption by security operations teams.
- Proliferate DevSecOps methodologies and cultivate a culture of highly integrated security strategies across Zwift development efforts.
- Advise and consult internal engineering teams on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
- Design and maintain a regular technology proposal review process.
- Develop and maintain a public bug bounty and vulnerability submission process.
What we’re looking for:
- 5+ years of demonstrated information security engineering leadership and experience building cross-functional security teams.
- 5+ years of application security experience designing, building, or testing web and API-based architectures.
- 3+ years aligning security strategies with business objectives.
- Comprehensive understanding of modern DevSecOps methodologies.
- Deep understanding of security vulnerabilities, attacker exploit techniques, common objectives, and tactics affecting public web applications.
- Deep working knowledge of the public cloud infrastructure and services in AWS (IAM, KIAM, EKS, EC2, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.).
- Excellent understanding of Docker and container orchestration with Kubernetes, and experience running production Kubernetes clusters in Amazon EKS, Google GKE, or a similar managed platform.
- Scripting experience (e.g. Python, Go, JS, C, C++, Java, Ruby, or PowerShell).
- Excellent communication skills and approaches to relationship building.
- Prior working experience in or with a Software Development Team.
- Experience crafting or working with bug bounty programs.
- Prior experience authoring or delivering public talks, meetups, conferences, or other business-related events.
- Prior security auditing of Zwift applications, networks, and infrastructure.
How to stand out among the rest:
Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.
Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong. Only then can they thrive and do their best work. The values we strive to live every day are:
- Make It Fun
- Elevate Teammates
- Cultivate Our Community
- Always Level Up
- One Zwift for All
We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected]
Zwift, Inc. is an Equal Opportunity Employer.