Sr. Manager, Security Engineering

The Senior Manager of Security Engineering at 6sense is responsible for overseeing daily operations of the Security Engineering team, managing initiatives related to application and infrastructure security, and ensuring compliance with industry security standards. This includes mentoring team members, enhancing security tooling, and collaborating with other departments to maintain a top-notch security posture.

To qualify for the Senior Manager, Security Engineering position at 6sense, candidates should have at least 8 years of experience in information security, with a strong focus on Secure SDLC and Cloud Security. Additionally, 3 years of management experience in a Security Engineering or similar role, along with knowledge of industry security frameworks, is preferred.

The Senior Manager, Security Engineering at 6sense directly contributes to security initiatives by implementing and managing robust security programs such as vulnerability management and secure code reviews. This role also influences security awareness and promotes secure development practices across various teams within the organization.

Career growth for a Senior Manager, Security Engineering at 6sense can lead to higher leadership positions within the security department or opportunities to drive strategic initiatives at an organizational level. Because we invest in our employees' growth through training and mentorship, there are continuous pathways for advancement within the company.

The team culture for the Senior Manager, Security Engineering at 6sense is collaborative and focused on growth and accountability. Team members are encouraged to take risks, support one another, and be proactive in fostering a positive and innovative working environment.

Considering your role, it’s important to highlight specific projects or initiatives where you implemented application security measures. Discuss your approach to secure code reviews, vulnerability assessments, and any security tools you used to enhance security practices within your team.

Begin by researching industry standards and best practices to create a framework for the program. Discuss how to engage with ethical hackers, define scope, and determine the rewards for finding vulnerabilities. It’s important to emphasize fostering relationships with external security researchers and maintaining transparency.

You should mention attending conferences, participating in webinars, reading security blogs, and engaging with professional networks. Additionally, highlight any relevant certifications, training programs, or frameworks you follow to ensure that your skills and knowledge remain up-to-date.

Provide examples from your previous roles where you fostered collaboration between security and other teams like Development and Infrastructure. Highlight your strategies for effective communication, setting clear expectations, and ensuring everyone understands the importance of security in their workflows.

Be sure to discuss specific tools you have implemented or managed, such as AWS security services, CNAPP, or CSPM solutions. Share examples of how you’ve leveraged these tools to improve infrastructure security and reduce vulnerabilities.

Discuss your philosophy on mentorship, including regular one-on-one meetings, providing opportunities for professional development, and encouraging team members to pursue training or certifications. Emphasize the importance of creating a supportive environment for growth.

Show that you understand the principles of NIST frameworks like NIST 800-53, and explain how they guide your approach to security controls and risk management practices. Discuss how you’ve applied these frameworks in previous roles to enhance security posture.

Metrics can include vulnerability remediation times, the number of security incidents, employee training completion rates, and improvements in security assessments. Highlight how you would tailor these metrics to fit the specific needs and goals of 6sense.

Share a specific case where you took decisive actions to mitigate a security threat. Discuss your approach, the steps taken to resolve the issue, and how you communicated with stakeholders to ensure transparency and alignment during the incident response.

It’s essential to convey your organizational skills and decision-making framework. You might mention using risk assessments to prioritize initiatives based on potential impact, efficiency in workflow management, and effective communication with stakeholders to align on priorities.