Director of Security Operations - Walnut Creek
Company: Alpine Software Group
Location: Walnut Creek
Posted on: November 6, 2024
Job Description:
ASG is an unconventional group of market-leading SaaS software
companies serving industries ranging from behavioral health to
transportation to childcare. ASG believes deeply in the power of
people and data to grow great organizations and that sharing
knowledge, expertise, and resources across its community of
businesses drives exponential growth. ASG has acquired over 50
businesses since its inception in August of 2016. We are backed by
Alpine Investors and operated by world-class PeopleFirst() leaders.
Founders of leading SaaS companies continue to trust ASG to grow
their businesses and build even stronger legacies for the future.
To learn more, visit www.alpinesg.com .JOB DESCRIPTIONWe seek an
experienced, hands-on Director of Security who can help our
operating companies build the most secure platform. You will help
our companies operationalize security best practices across our
portfolio and drive best practices in application security testing,
penetration testing, secure coding, infrastructure, audit, risk
assessment, compliance, and incident response programs.You will
join an elite team of subject matter experts at the holding
company, helping implement engineering strategy and best practices
across the portfolio. Through acquisitions, you will get an
opportunity to understand a wide array of tech stacks and software
products and deploy a diverse set of growth strategies throughout
the hold period of our investments. You will also learn from and
pair with extraordinary leaders across our business.The ideal
candidate should have hands-on experience securing/auditing web and
mobile applications, effective incident response, risk assessment,
obtaining compliance, and strategically raising a company's
security posture. The role will report directly to the CTO at
ASG.You're Excited About This Opportunity Because You Will:
- Perform/manage AppSec and penetration testing and provide
recommendations for various mobile and web apps as well as APIs and
other web infrastructure.
- Conduct forensic investigations to analyze security incidents,
understand root causes, and develop strategies to prevent future
occurrences.
- Support due diligence, assess security postures,identify
potential risks and integration challenges during the deal
process.
- Assist in businesses' exit processes, ensuring security
compliance, proper documentation, and mitigating any potential
security risks that could impact the sale.
- Conduct red teaming and threat modeling for various web
applications, API, and Mobile apps.
- Review Azure/AWS/GCP security footprints in concert with our
DevOps teams and provide recommendations.
- Assist in all aspects of audits, including risk assessments,
planning, testing, control evaluation, and reporting.
- Recommend process, technology, operations, and compliance
enhancements to improve the security of the portfolio
companies.
- Develop and lead cyber security strategy and foster a community
of Cyber Security leads across our portfolio.
- Be an effective teacher/coach and help train our teams on
security best practices.
- Manage incident response through vendors and address the
portfolio's security needs.
- Assist portfolio companies in getting and maintaining SOC2,
PCI, HIPPA, CCPA, CPRA, and GDPR. (Among the other state/local data
privacy laws)
- Be a security subject matter expert and respond to
internal/external security questions.
- Provide technical design recommendations to address audit &
compliance narratives in partnership with technology SMEs and
leadership.
- Be the SME for cloud governance, risk, compliance, policies,
and executive reporting.We're Excited About You Because:
- You have a minimum bachelor's degree in Computer Science,
Cybersecurity, or a related field.
- You have 5+ years of experience in web application security
testing and/or secure development methodologies.
- You have a solid understanding of authentication's best
practices, ensuring secure access control best practices are
enforced.
- You understand modern web frameworks, APIs, containers,
databases, and WAF well.
- You have experience performing source code analysis.
- You are familiar with Burpsuite, Nessus, ZAP, Arachni, Kali,
and Nmap.
- You have strong knowledge of cloud security and governance
(AWS/Azure/GCP).
- You have one of the following certificates: CISA, CISSP, CISM,
OSWE, OSCP, GWAPT, or GWEB
- You have conducted incident response and/or hold the GCIH or
GCFR certification
- You have experience in SOC, HIPAA, GDPR, or PCI DSS.
- You have experience performing risk assessments and
appropriately prioritizing risk.
- You have excellent written and verbal communication,
presentation, and listening skills, and you can present complex
technical information to various technical and non-technical
audiences.
- You possess a proactive, solution-oriented, problem-solving
mindset -- "I'll figure it out."
- You thrive in a small, growing, fast-paced, results-oriented
environment.Base Salary Range: The target salary range for this
position is $200k- $300k, and is part of a competitive total
rewards package including an annual bonus, employer-paid benefits,
L&D stipend, and incentive pay for eligible roles. Individual
pay may vary from the target range and is determined by a number of
factors, including experience, location, internal pay equity, and
other relevant business considerations. We review all employee pay
and compensation programs annually at a minimum to ensure
competitive and fair pay.Accepted file types: pdf, doc, docx, txt,
rtfAccepted file types: pdf, doc, docx, txt, rtf LinkedIn Profile
Website We're better together when we're different, together.At
ASG, we strive to create engaged and inclusive workplaces that
celebrate and reflect the global nature of our employees and the
customers we serve. We believe that talent is based on what you can
do, not what you've done. And we know that supporting a diverse
team with varied lived experiences advances equality, inspires
innovation, and ultimately drives better business outcomes. Our
mission is to build vertical SaaS platforms that are a force for
good for their employees, customers, and the world. So we've built
a company (of many companies) where difference is valued, learnings
are shared, and potential is unleashed. Join us. I ndividuals
seeking employment at ASG are considered without regards to race,
color, religion, national origin, age, sex, marital status,
ancestry, physical or mental disability, veteran status, gender
identity, or sexual orientation. You are being given the
opportunity to provide the following information in order to help
us improve our hiring practices over time. Completion of the form
is entirely voluntary . Whatever your decision, it will not be
considered in the hiring process or thereafter. Any information
that you do provide is strictly confidential and is not tied to
your direct application. Select... Ethnic and Race Identification *
Select... LGBTQ * Select... Select... How did you initially hear
about this job? * Select...
#J-18808-Ljbffr
Keywords: Alpine Software Group, Fremont , Director of Security Operations - Walnut Creek, Executive , Walnut Creek, California
Didn't find what you're looking for? Search again!
Loading more jobs...