Transfr provides engaging, hands-on training in a way that online lectures cannot. We create a better way to train young adults for the skills they need to succeed on the job. We focus on developing a pipeline of talent for jobs that are going unfilled, significantly reducing cost and risk.
We produce job-training simulations in virtual reality, designed by each industry, that teach novices in the same manner that experts master their crafts: through trial and error. Data-driven simulations work like virtual coaches, adapting to every person’s pace and skills while responding to their mistakes. Our immersive Experience Training method helps trainees build confidence in their knowledge, skills and abilities.
Position Summary:
Transfr is hiring a Head of Security. This individual will be a key member of the Engineering team as the Cyber Security expert keeping the business safe from external and internal threats and making a difference in digital product security.
This is an excellent opportunity for someone who is a results-oriented self-starter, solves challenging security problems, and secures Transfr’s systems' intellectual property and customers' data.
This position can operate fully remote or hybrid from our headquarters in New York, NY.
- Ensure security is designed and integrated into digital products leveraging the cloud (AWS).
- Provide security leadership and domain expertise (IaaS & PaaS) in cloud cyber security on AWS.
- Lead various cloud security aspects like network, compute, storage, database, and PaaS in the cloud domain.
- Provide expert guidance on application security to engineering teams by leveraging a secure development life cycle.
- Perform threat modeling and architecture risk analysis on digital software products.
- Lead secure code reviews, vulnerability analysis, and remediation for digital products.
- Provide incident handling support for security-related incidents reported for software products.
- Influence developers to write secure code and implement secure engineering practices.
- Validate and attest to the effectiveness of security controls in digital products.
- Collaborate and partner with product and engineering partners like managers, architects, and developers in roadmap planning, prioritization, and implementation.
- Function as a cyber security leader in daily Sprint stand-ups and provide ownership for all aspects of the security lifecycle in the product release.
- Develop security awareness inside the organization (phishing exercises, training…)
- Ability to work in a fast-paced, dynamic environment with shifting priorities; must be comfortable with change and actively drive improvements.
- Bachelor’s degree from an accredited university or college
- 8+ years with increasing level of responsibility in cybersecurity and information security
- Highly skilled security engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications in the cloud
- Strong expertise in Product Security (SSO, web authentication and authorization, no elevation of privilege, etc.), Cloud Platform Security and Enterprise/IT Security
- Thrive in a customer-focused, tight-knit and cross-functional environment, being a team player and willing to take on whatever is most impactful for the company
- A proactive and positive attitude to lead, learn, troubleshoot and take ownership of both small tasks and large features
- Experience with SOC 2 Type 2 certification.
- Ability to roll up your sleeves and operate at a granular level where you are skilled at doing instead of delegating
- Successful record of developing, implementing, and executing security strategy to include risk mitigation and vulnerability assessments
- Familiar with Infrastructure as Code (IaC) scripting languages (ARM, Terraform, PowerShell, CloudFormation)
- Experience conducting static code reviews and applying security auditing and/or dynamic scanning testing principles and tools
- Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls
- Experience securing applications within the AWS cloud platform
- Knowledge of secure architecture and design principles
- Familiar with Risk Controls frameworks and procedures (NIST 800-53, ISO, etc.)
- Knowledge of Web/API security architecture and common authentication and authorization technologies (OIDC, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust) preferred
- Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography, etc.)
- Good understanding of Privacy standards like PII, GDPR, CCPA, etc.
- Familiar with Governance, Risk, and Compliance functions within a cyber security program.
- Familiar with Threat management and incident response functions within a cyber security program.
The base salary range for this position is expected to be between $160K and $220K depending on experience. In addition to salary, this role will be eligible for additional company benefits such as stock options, 401(k), paid vacation and sick time, and medical/dental/vision insurance.
At Transfr, we embrace diversity because it breeds innovation. Transfr is an equal opportunity employer that participates in E-Verify and is committed to providing equal employment opportunities to all applicants, consultants, and employees, and prohibits discrimination and harassment of any type without regard to race, color, religion, age, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
**Must be authorized to work in the United States without restriction**
Learn more at transfrinc.com