
Manager, Security Engineering
Posted May 9

This is a fully remote position, open to applicants in Alabama and 32 more states.
• Team Leadership & Development: Mentoring and nurturing security engineers. This involves conducting 1:1s, planning career development, performing performance reviews, and fostering a culture of continuous learning around changing threats and technologies.
• Security Execution: Collaborating with engineers on your team and the Sr. Director of Security and Integrity, you will define and prioritize the team's security initiatives for the quarter and the year, ensuring alignment with business objectives and frameworks such as NIST CSF, CIS Controls, or SOC 2. You will convert risk assessments into actionable engineering tasks.
• Cross-Functional Collaboration: Working alongside Platform, SRE, Legal, IT, Compliance, and Product teams to integrate security into the SDLC, incident response processes, and vendor management workflows.
• Incident Response & Preparedness: You will assist the team in maintaining the Security incident response program, which includes creating runbooks, conducting tabletop exercises, managing on-call schedules, and ensuring prompt responses to alerts and events.
• Product and Cloud Security: Leading product security practices and managing cloud security posture across our AWS infrastructure, ensuring secure architecture, configuration, and continuous monitoring of our production environments.
• Vulnerability & Risk Management: Overseeing application security testing (SAST, DAST, SCA), penetration testing programs (including bug bounty), and ensuring that vulnerabilities are triaged, prioritized, and resolved within SLA.
• Corporate Security: Collaborating with IT, you and your team will help ensure robust protections in corporate security, including spam, EDR, and device security, are effectively implemented.
• Vendor & Third-Party Risk: Assisting the team in evaluating security vendors and managing third-party risk assessments.
• Budget & Resource Planning: In coordination with other department managers, you will manage the security budget, justifying tool expenditures and headcount requests.
• 5–7 years of experience managing a team of security engineers or similarly technical individual contributors. Proven expertise in hiring pipelines, structured interview processes, performance calibration, and career development.
• Comfortable leading daily standups and weekly 1:1s as essential practices, rather than afterthoughts.
• Familiarity with translating frameworks like NIST CSF or CIS Controls into quarterly OKRs and sprint-level tasks.
• Hands-on experience in building or advancing a security program within a mid-sized or growth-stage organization.
• Experience managing AppSec tools (SAST, DAST, SCA, Container Scanning, Secrets) and programs such as penetration testing or bug bounty.
• A background in working with or overseeing engineers who develop and refine detections in a SIEM, manage alert pipelines, and minimize noise.
• Experience leading an AI-driven team of engineers. You will know how to find rapid solutions to problems and encourage the team to pursue speed and quality of execution through AI-related tools.
• A proven history of collaboration across engineering, SRE, platform, IT, and legal teams.
• Deep familiarity with cloud security (AWS), Application Security (especially for web-native applications and authentication), endpoint security (EDR), email security (anti-spam/phishing), and device management.
• Experience in assessing security vendors and conducting third-party risk evaluations.
• Experience in defining and reporting on security KPIs such as MTTD, MTTR, vulnerability aging, and coverage metrics.
• Demonstrated expertise in one or more core security domains and secondary specialties (e.g., infrastructure security, application security, corporate IT security, security operations).
• Flexible work schedules and an unlimited time-off policy.
• Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus a fully-paid health reimbursement arrangement for out-of-pocket expenses and fully-paid short- and long-term disability.
• Fully paid basic and AD&D life insurance with an option for voluntary supplemental life insurance.
• Options for dependent and health care flexible spending accounts.
• Employee Assistance Program (EAP) benefits for employees.
• Automatic 2% employer-paid 401K contribution, with an additional match of up to 6% on employee contributions.
• A minimum of three months of paid medical, family, and parental leave (for all new parents, including adoptions).
• Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees.
• Additional perks including quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times.