Head of Security
New
Globally distributed team across sectors LocalStack is headquartered in Zurich/Switzerland 🇨, with a main engineering office in Vienna/Austria 🇦🇪 and remote team members from 🇺🇸the US, 🇫🇷FR, 🇬🇧UK, 🇨🇦CA, 🇪🇸ES, and many more countriesFull-TimeLead
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 7+ years
- Required Skills
- AWSLinux
Requirements
- 7+ years in a security engineering or security compliance role
- Experience leading vendor risk assessments
- Building compliance frameworks from the ground up
- Strong background in API design and build
- Strong background in DevSecOps
- Strong background in incident response
- Pragmatic, risk-driven security leadership
- Expert knowledge of threat modelling
- Expert knowledge of vulnerability management
- Expert knowledge of intrusion detection
- Expert knowledge of network security
- Expert knowledge of Linux/Unix OS hardening
- Practical experience with cloud security (AWS preferred)
- Good knowledge of common standards (e.g., SOC 2, ISO 27001, GDPR)
- Strong documentation skills
- Ability to make complex topics accessible to non-experts
- Good understanding of US and EU security and compliance expectations
- Prior engineering experience strongly preferred
- Proactive, pragmatic, and capable of risk-based decision-making
Responsibilities
- Ensure robust security posture of our product, across the various components (in particular, the LocalStack emulators, the LocalStack Cloud platform, as well as our data warehouse).
- Lead initiatives for incident monitoring, intrusion detection, and vulnerability management.
- Define and implement regular security auditing procedures across systems and access controls.
- Deliver a sustainable, scalable process for vendor risk assessments and other security-related initiatives (e.g., via tooling, delegation, or automation) including completing and submitting vendor risk assessments to support our sales process.
- Ensure secure configurations and permission models, while collaborating with the engineering teams.
- Identify gaps between claimed and actual compliance and propose/lead corrective actions.
- Own documentation of security controls, configurations, and policies.
- Engage with internal stakeholders to evaluate different security threats and attack vectors.
- Generate and distribute internal audit and compliance reports in regular intervals.
View Full Description & ApplyYou'll be redirected to the employer's site
