Senior Manager, Platform Engineering - Secure Supply Chain

Stytch

Location:
Canada

Contract Type:
Not provided

Salary:

194000.00 - 242500.00 CAD / Year

Job Description:

Lead Twilio's Platform Engineering Secure Supply Chain team, which provides critical infrastructure for software development across the company. The team owns systems spanning source control management, build systems, and artifact management, ensuring secure and efficient software delivery for all of Twilio. This leader will drive strategy, operational excellence, and cross-functional collaboration with Security, Compliance, and Product Engineering teams while creating leverage and centralizing the cost of change across the organization.

Job Responsibility:

  • Lead and develop a team of engineers responsible for Twilio's secure supply chain infrastructure, including source control management (SCM), build systems, and artifact management platforms
  • Define and execute strategic vision for secure supply chain capabilities that create leverage and centralize the cost of change across the entire engineering organization
  • Partner closely with Security, Compliance, and Product Engineering leadership to establish and enforce secure supply chain standards, policies, and best practices company-wide
  • Drive operational excellence through metrics, service level objectives, and continuous improvement initiatives that balance security requirements with developer productivity
  • Build and maintain strong relationships with internal customers and stakeholders, translating business needs into technical solutions and roadmap priorities
  • Develop engineering talent through coaching, mentorship, and career development while fostering a culture of ownership, collaboration, and technical excellence
  • Champion automation, self-service capabilities, and platform thinking to scale secure supply chain practices across Twilio's diverse product portfolio
  • Collaborate with peer engineering leaders across the Platform organization to ensure cohesive technical strategy and efficient delivery
  • Communicate technical strategy, progress, and challenges effectively to senior leadership and cross-functional stakeholders

Requirements:

  • 8+ years of experience in software engineering, platform engineering, or infrastructure roles
  • At least 4+ years in engineering management leading teams of 8-12 engineers
  • Proven track record leading platform engineering teams and developer platform initiatives at scale in complex, multi-product organizations
  • Experience leading teams through significant technical migrations or platform modernization efforts
  • Deep technical knowledge of source control systems (GitHub), build systems (Buildkite, GitHub Actions, Harness), and artifact management platforms (Artifactory, Nexus, container registries)
  • Strong understanding of secure supply chain practices in cloud environments (AWS, GCP, Azure) including cloud-native CI/CD, container security, infrastructure-as-code, and cloud service integrations
  • Demonstrated experience partnering with Security and Compliance teams to implement security controls, vulnerability management, and compliance requirements without compromising developer velocity
  • Strong people leadership skills including hiring, performance management, coaching, and developing high-performing engineering teams
  • Excellent stakeholder management and communication skills with ability to influence and align cross-functional partners at all levels of the organization
  • Strategic thinking with ability to balance short-term execution against long-term vision and organizational impact
  • Experience managing budgets, vendor relationships, and making build-vs-buy decisions for platform capabilities

Nice to have:

  • Experience with software supply chain security frameworks (SLSA, SBOM, vulnerability scanning, dependency management)
  • Background in highly regulated industries or companies with significant compliance requirements (SOX, PCI, SOC2, FedRAMP, ISO)
  • Contributions to open source projects or industry thought leadership in secure supply chain or developer platforms

What we offer:

  • Competitive pay
  • Generous time off
  • Ample parental and wellness leave
  • Healthcare
  • A retirement savings program
  • Additional compensation and benefits may include incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off
  • Target Bonus Percentage 17.50%

Additional Information:

Job Posted:
March 19, 2026

Employment Type:
Fulltime
Work Type:
Remote work

Similar Jobs for Senior Manager, Platform Engineering - Secure Supply Chain

Senior Security Engineer

PagerDuty is seeking a Senior Security Engineer to join our diverse, customer-fo...
Location:
Canada, Toronto
Salary:
137000.00 - 207000.00 CAD / Year
PagerDuty
Expiration Date
Until further notice
Requirements:
  • Proficiency with Application & Product Security typically associated with 4 - 5 years of experience in a Security Engineering role working with a cloud-native, microservices environment, preferably AWS
  • Familiarity with cloud-native product technologies including: Vulnerability detection via multiple approaches including SAST, DAST, SCA, and runtime (e.g., Qualys/Nessus, Wiz, Snyk, GHAS, Semgrep, etc.)
  • CI/CD technologies and integrations (e.g., CircleCI, Buildkite, Helm, Terraform, Chef)
  • Product security event logging standards and analysis tools (e.g., SIEM such as: SumoLogic, LogRhythm, or Splunk, etc.)
  • Security Incident Response & Risk Management processes and tools
  • Proficiency in at least one programming language and framework (e.g. Python, Bash, Phoenix/Elixir, Java, Ruby on Rails), typically associated with 3 - 4 years of experience with the language/framework
  • Have exceptional written, oral communication, and interpersonal skills
  • Organizational skills with the ability to successfully manage multiple priorities and deadlines
Job Responsibility:
  • Embrace the role of hands-on technical lead in defining product security standards and guiding platform protections
  • Establish criteria and conduct comprehensive security reviews throughout all stages of product development to identify and address security risks
  • Perform regular threat assessments, coordinate with third-party testers for penetration testing, and conduct internal penetration testing to identify and mitigate security risks
  • Mentor and guide team members to ensure product and business objectives are prioritized in project implementations, fostering a strong documentation culture with project charters and design documents
  • Work with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach, and collaborate with the team to design and implement effective security frameworks. Maintain a strong appetite for challenging problems with a high degree of ownership
  • Participate in the team’s On-Call rotation, triaging and addressing security issues as they arise, and implement measures to prevent future occurrences
  • Enable service team security implementations by developing security-as-code constructs, including infrastructure-as-code (IaC) modules, libraries and frontend components, while creating and maintaining developer-focused documentation to promote easy adoption
  • Establish and uphold baseline standards and hardened configurations for platform components
  • Continuously enhance security frameworks by focusing on product security standards and software supply chain protections, tailored for application security in cloud-native, microservices environments
What we offer:
  • Competitive salary
  • Comprehensive benefits package from day one
  • Flexible work arrangements
  • Company equity
  • ESPP (Employee Stock Purchase Program)
  • Retirement or pension plan
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
  • Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)
  • Fulltime

Senior Application Security Engineer

This role involves embedding security into software delivery pipelines, designin...
Location:
India, Bangalore
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date
Until further notice
Requirements:
  • 5–8+ years of experience in Application Security, Product Security, or Secure Software Development
  • hands-on experience securing software delivery pipelines (CI/CD) and source code repositories (GitHub, GitLab, Jenkins)
  • knowledge of supply chain security frameworks and controls (e.g., SLSA, NIST SSDF)
  • familiarity with secrets management, artifact signing (Sigstore, Cosign), and build integrity practices
  • hands-on experience with WAF tuning, API security controls, and vulnerability remediation
  • proficiency with one or more programming languages (Python, Java, Go, JavaScript/Node.js)
  • experience with SAST, DAST, SCA, and container image scanning tools
  • cloud security experience with AWS, Azure, or GCP
  • deep understanding of OWASP Top 10 (Web + API), CWE, and secure coding practices
Job Responsibility:
  • secure SDLC & DevSecOps integration
  • design and implement security controls for build and release pipelines (GitHub Actions, Jenkins, GitLab, Azure DevOps)
  • ensure code integrity via signing, artifact scanning, and build provenance
  • automate SAST, DAST, SCA, and container image scanning as part of the software delivery pipeline
  • identify and remediate misconfigurations in pipeline environments and access control
  • design, implement, and monitor WAF rules and API protections
  • perform API risk assessments
  • champion secure design patterns
  • conduct secure code reviews and support automation of testing pipelines
  • triage, prioritize, and track security issues identified in code, pipelines, and deployed environments
What we offer:
  • comprehensive suite of benefits that supports physical, financial and emotional wellbeing
  • programs catered to helping you reach career goals
  • inclusive work environment
  • Fulltime

Principal Security Engineer

We’re building a world-class global Security team as part of our Trust Program. ...
Location:
India, Hyderabad
Salary:
Not provided
Highspot
Expiration Date
Until further notice
Requirements:
  • 10+ years of robust, progressive experience in security engineering, application security, DevSecOps, incident detection and response, or closely related fields
  • Advanced proficiency in at least one programming language (Python, Ruby, Go, Rust, JavaScript), with deep experience conducting detailed code reviews and security assessments across multiple languages
  • Hands-on experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems
  • Demonstrated experience mentoring, coaching and guiding junior and mid-level security engineers, contributing to a strong team culture, and supporting peer development as a senior individual contributor
  • Demonstrated proactive approach, strong continuous learning orientation, and curiosity about emerging threats, security trends, and innovative technologies
  • Extensive expertise securing cloud-native environments (AWS, Azure, GCP, containers, microservices), with in-depth knowledge of modern cloud security risks and defenses
  • Demonstrated ability to embrace being wrong, practice humility, continuously learn from experiences, and actively seek insights through thoughtful questioning and collaboration
Job Responsibility:
  • Lead comprehensive application security assessments, advanced threat modeling sessions, and secure code reviews across critical product features, internal tooling, endpoints, and third-party integrations
  • Collaborate strategically with product engineering to establish and enhance secure-by-default and privacy-by-design practices within the software development lifecycle (SDLC)
  • Lead and otherwise participate in incident detection, investigation, triage, containment, and root cause analysis for high impact security incidents, providing mentorship and guidance to junior engineers as required
  • Drive the development and continuous improvement of sophisticated detection rules, response automation, and optimized alert management across cloud environments, corporate infrastructure, and SaaS platforms
  • Lead and participate in complex vulnerability remediation processes, and effectively respond to security issues discovered by both internal teams and external sources
  • Document technical findings and strategic decisions in a clear and accessible manner, and procedural enhancements
  • significantly contribute to comprehensive security playbooks and knowledge repositories
  • Manage and oversee asksecurity@ request handling, and actively participate in sprint-based security activities, balancing strategic and tactical execution
  • Actively participate in the security on-call rotation, or provide senior-level guidance as required during an event and aid in rapid response capabilities to protect our 24x7 platform and global workforce
  • Fulltime

Senior Director, Security Engineering

At Modus Create, we help organizations build modern platforms and products with ...
Location:
United States of America
Salary:
Not provided
Modus Create
Expiration Date
Until further notice
Requirements:
  • 15+ years in security, software, or systems engineering roles
  • 7+ years leading senior security engineers, managers, or Directors—ideally in global, distributed, or consulting environments
  • Hands-on experience with modern security engineering across application, cloud, and platform environments, including secure SDLC, CI/CD security, infrastructure-as-code, and threat modeling
  • Proven success supporting pre-sales, solutioning, and growing security-led engagements within enterprise or mid-market accounts
  • Demonstrated ability to build scalable security practices, uplift team capabilities, and develop high-performing, inclusive security engineering teams
  • Strong empathy for client risk, constraints, and delivery realities, with the ability to translate security needs into pragmatic, measurable outcomes
  • Effective across technical, executive, and cross-functional settings, with the ability to clearly articulate risk, tradeoffs, and recommendations to diverse stakeholders
  • Technical Skills: secure-by-design systems, threat modeling, risk assessment, vulnerability management, penetration testing, incident readiness and remediation
  • Cloud & Infrastructure Security: cloud security architecture, multi-account strategy, IAM, network security, shared services, secure landing zones
  • Application Security: secure SDLC, code review practices, dependency and supply-chain security, secrets management, configuration hardening
Job Responsibility:
  • Embed Security into Modern Delivery: Integrate security into development workflows, CI/CD pipelines, and infrastructure-as-code
  • Drive shift-left security practices in partnership with platform and product teams
  • Ensure security tooling and controls enable delivery velocity rather than block it
  • Promote secure-by-design patterns across cloud-native and platform environments
  • Deliver Trusted, Secure Systems: Lead threat modeling, vulnerability management, and remediation planning across engagements
  • Guide incident readiness, root cause analysis, and systemic risk reduction
  • Ensure security risks are clearly articulated, prioritized, and addressed
  • Balance short-term delivery needs with long-term security posture
  • Lead & Grow Security Teams: Lead, mentor, and develop Directors and senior security practitioners
  • Set clear expectations around ownership, quality, and professional growth
What we offer:
  • Remote work with flexible working hours
  • Modus Global Office Program: on-demand access to private offices, meeting rooms, coworking spaces and business lounges in locations in over 120 countries
  • Employee Referral Program
  • Client Referral Program
  • Travel according to client or team needs
  • The chance to work side-by-side with thought leaders in emerging tech
  • Fulltime

Senior Data Engineer

We are looking for a Senior Data Engineer (SDE 3) to build scalable, high-perfor...
Location:
India, Mumbai
Salary:
Not provided
Cogoport
Expiration Date
Until further notice
Requirements:
  • 6+ years of experience in data engineering, working with large-scale distributed systems
  • Strong proficiency in Python, Java, or Scala for data processing
  • Expertise in SQL and NoSQL databases (PostgreSQL, Cassandra, Snowflake, Apache Hive, Redshift)
  • Experience with big data processing frameworks (Apache Spark, Flink, Hadoop)
  • Hands-on experience with real-time data streaming (Kafka, Kinesis, Pulsar) for logistics use cases
  • Deep knowledge of AWS/GCP/Azure cloud data services like S3, Glue, EMR, Databricks, or equivalent
  • Familiarity with Airflow, Prefect, or Dagster for workflow orchestration
  • Strong understanding of logistics and supply chain data structures, including freight pricing models, carrier APIs, and shipment tracking systems
Job Responsibility:
  • Design and develop real-time and batch ETL/ELT pipelines for structured and unstructured logistics data (freight rates, shipping schedules, tracking events, etc.)
  • Optimize data ingestion, transformation, and storage for high availability and cost efficiency
  • Ensure seamless integration of data from global trade platforms, carrier APIs, and operational databases
  • Architect scalable, cloud-native data platforms using AWS (S3, Glue, EMR, Redshift), GCP (BigQuery, Dataflow), or Azure
  • Build and manage data lakes, warehouses, and real-time processing frameworks to support analytics, machine learning, and reporting needs
  • Optimize distributed databases (Snowflake, Redshift, BigQuery, Apache Hive) for logistics analytics
  • Develop streaming data solutions using Apache Kafka, Pulsar, or Kinesis to power real-time shipment tracking, anomaly detection, and dynamic pricing
  • Enable AI-driven freight rate predictions, demand forecasting, and shipment delay analytics
  • Improve customer experience by providing real-time visibility into supply chain disruptions and delivery timeline
  • Ensure high availability, fault tolerance, and data security compliance (GDPR, CCPA) across the platform
What we offer:
  • Work with some of the brightest minds in the industry
  • Entrepreneurial culture fostering innovation, impact, and career growth
  • Opportunity to work on real-world logistics challenges
  • Collaborate with cross-functional teams across data science, engineering, and product
  • Be part of a fast-growing company scaling next-gen logistics platforms using advanced data engineering and AI
  • Fulltime

Security DevOps Engineer

Realize your potential by joining the leading performance-driven advertising com...
Location:
Israel, Tel Aviv
Salary:
Not provided
Taboola
Expiration Date
Until further notice
Requirements:
  • Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10)
  • DevSecOps Focus: Proven ability to “shift left” security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies
  • Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products
  • Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process
  • Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs)
  • Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging “security as code” principles and automating evidence collection to demonstrate compliance across the pipeline
  • Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck
Job Responsibility:
  • Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the company’s comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment
  • Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including: Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools)
  • Owning the bug bounty and responsible disclosure program’s triage and remediation tracking
  • Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles
  • Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms
  • Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate – MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture
  • Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle
What we offer:
  • Flexibility: We offer a hybrid work schedule with 3 days in-office with an option to come in more often if desired
  • Work with some of the biggest names: We work with some of the biggest names in the business. Our publisher partners include Yahoo, Conde Nast, Fox Sports, NBCU, ESPN, CBS, and E! Online. Our advertiser clients include Wells Fargo, Honda, Pinterest, Expedia and Honda

DevOps Engineer

Realize your potential by joining the leading performance-driven advertising com...
Location:
Israel, Tel Aviv
Salary:
Not provided
Taboola
Expiration Date
Until further notice
Requirements:
  • Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10)
  • DevSecOps Focus: Proven ability to “shift left” security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies
  • Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products
  • Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process
  • Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs)
  • Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging “security as code” principles and automating evidence collection to demonstrate compliance across the pipeline
  • Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck
Job Responsibility:
  • Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the company’s comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment
  • Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including: Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools)
  • Owning the bug bounty and responsible disclosure program’s triage and remediation tracking
  • Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles
  • Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms
  • Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate – MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture
  • Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle
What we offer:
  • Flexibility: We offer a hybrid work schedule with 3 days in-office with an option to come in more often if desired
  • Work with some of the biggest names: We work with some of the biggest names in the business

SRE Security

Realize your potential by joining the leading performance-driven advertising com...
Location:
Israel, Tel Aviv
Salary:
Not provided
Taboola
Expiration Date
Until further notice
Requirements:
  • Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10)
  • DevSecOps Focus: Proven ability to “shift left” security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies
  • Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products
  • Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process
  • Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs)
  • Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging “security as code” principles and automating evidence collection to demonstrate compliance across the pipeline
  • Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck
Job Responsibility:
  • Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the company’s comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment
  • Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including: Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools)
  • Owning the bug bounty and responsible disclosure program’s triage and remediation tracking
  • Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles
  • Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms
  • Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate – MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture
  • Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle
What we offer:
  • Flexibility: We offer a hybrid work schedule with 3 days in-office with an option to come in more often if desired
  • Work with some of the biggest names: We work with some of the biggest names in the business. Our publisher partners include Yahoo, Conde Nast, Fox Sports, NBCU, ESPN, CBS, and E! Online. Our advertiser clients include Wells Fargo, Honda, Pinterest, Expedia and Honda