
Sr. Director, Cybersecurity
6 days ago
We specifically seek a hands-on, technical security leader. You bring experience building security monitoring, reference architectures, deploying tools, integrating platforms, assessing modern cloud-native applications and infrastructure - and leading teams executing that mission successfully. You lead with an open mind, a can-do attitude, seek truth and alignment over winning arguments, and see incident response as an opportunity to learn, grow, and improve partnership across our global teams.
Program Leadership
- Define the Cyber Security Strategy for Bugcrowd and identify areas of improvements to the threat landscape, internal risk tolerance objectives, and/or compliance objectives.
- Ensure the technical aspects of vendor acquisitions and tools are safe for Bugcrowd’s use, in unison with the IT and compliance teams.
- Assess corporate technology systems, determine strategy for changes, enhancement and improvements; recommend and implement the same, from the perspective of cyber security.
- Carry out and fulfill the cyber security strategy of bugcrowd, proactively improving the security posture with time.
- Work with GRC to assist in designing, develop, implement and coordinate areas of policies and procedures for compliance with SOC-2, NIST 800-53v4, ISO27001,ISO27018, and FedRAMP.
- Represent Bugcrowd in the internal and external audits for SOC-2, ISO27001, and ISO27018.
AppSec and Product Security Leadership
- Manage Bugcrowd’s bug bounty program, ensuring that clients have a standard to aspire to, when running their own bounty programs.
- Analyze new features prior to development or launch, to ensure the security measures in place are sufficient for the project. (security architecture and security testing)
- Manage the access controls for Bugcrowd’s production codebase (GitHub).
- Approve and analyze authorisation requests to production data (AWS, GitHub, Tableau, etc.).
- Perform regular audits of Bugcrowd’s cloud infrastructure, alongside helping with architecture of any cloud solutions from the security perspective.
- Manage and audit all vulnerability scans (internal and external) for all of Bugcrowd’s systems (Qualys and Nessus).
- Proactively test and identify issues within Pull Requests and production to find issues (code review & penetration testing).
- Automate security tasks to proactively identify and fix security issues within Bugcrowd. (Python, golang, JS, Ruby)
- Perform configuration management upon all Bugcrowd systems (IT and cloud).
- Perform code audits on new features, patches, etc.
Security Operations, Detection and Incident Response
- Perform IR for all parts of the business (on-call 24x7) and perform root cause analysis upon the incidents to properly mitigate them in the future. Aid with forming an Incident Response Plan (IRP) based on these incidents.
- Perform threat intelligence to proactively find issues relating to Bugcrowd’s security posture.
- Plan implementation of security controls, in unison with the required teams (infra, eng, secops, IT, compliance, Researcher Success (RS), etc.).
- Monitor the security controls for all of Bugcrowd’s systems and build a team to do the same. (SIEM usage)
- Perform malware analysis on any potential malware, should the forensic requirements arise during IR.
- Coordinating red team engagements against Bugcrowd and implementing security controls to mitigate any issues found.
- Develop security awareness materials for all roles within the Bugcrowd organisation.
- Aid the Legal team with GDPR related issues from researchers and programs.
Management and Team Leadership
- Perform table top exercises within the Bugcrowd organization to ensure the organization is prepared for future threats.
- Aid with business continuity testing, since the internal cybersecurity team plays a major role within the process.
- Present findings and observations to the ISMS committee.
- Portray and represent the technical controls and engineering areas within the ISMS committee (requirement of ISO27001).
Supervisory Responsibility
- Lead and manage a team of internal cybersecurity professionals.
- Train and grow the security team with objectives that are defined, measured and monitored.
- Support Security Leadership with delegated responsibilities, as requested.
- Take a proactive, collaborative and respected leadership role in the Company to galvanize support of a robust, efficient and secure technology organization.
- Manage a team of hungry and fast growing security professionals with both strong attack and defense skills.
Knowledge, Skills, and Abilities
- Proven work experience leading Cyber Security (penetration testing, red teaming, GRC, IR, secure development, and security architecture) in a startup and growing with the organization.
- Excellent knowledge of technical security controls, including cloud, web application, infrastructure, IT, and compliance.
- Experience in data governance, data architecture, data flow and system architecture to optimize the same.
- Hands-on experience with penetration testing, red teaming, and security patch bypass testing.
- Ability to work independently and must have strong organizational and communication skills.
- Systems / Software (detailed knowledge of the following stack): Mac OS, Python, JavaScript, Ruby, Golang, Java, Kotlin, Postgres, GSuite, Cisco Umbrella, Netskope, Crowdstrike, GitHub, AWS, Heroku, Cloudflare, DataDog, JAMF, etc.
- Familiarity with Jira is a plus.
- Experience related to and assistance with ISO27001, ISO27018, NIST 800-53v4, and SOC2 audits is compulsory.
- Degree in Computer Science, cyber security, MIS or equivalent experience desirable but not required.
- Experience in cyber security with demonstrations of responsibility and technical excellence.
- Must be eager to work hard, to learn many new skills, solve problems, and integrate tightly with the rest of the team.
- Willingness to support a global organization with limited staff via off hours activity while maintaining a healthy work-life balance.
Working Conditions and Physical Requirements
- The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
- Sitting and / or standing - Must be able to remain in a stationary position 50% of the time
- Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.
- Environment - remote, work-from-home 100% of the time.
ADA Statement
Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR
#J-18808-Ljbffr-
Senior Cybersecurity Consultant
6 days ago
Singapore Attila Cybertech Pte. Ltd. Full time1 day ago Be among the first 25 applicants Get AI-powered advice on this job and more exclusive features. Responsibilities Being a specialist in the areas of Operational Technology Cyber Security, including Risk Assessment, Vulnerability Assessment and Penetration Testing; Contribute to business development by providing technical support during presales...
-
Cybersecurity Director
7 hours ago
Singapore RANDSTAD PTE. LIMITED Full timeCloud security is a MUST Highly invested team Opportunity to work on large scale of cybersecurity projects about the companyWe are seeking a highly experienced and hands-on Cybersecurity Director/CISO to drive the security strategy.about the job Formulating and implementing cybersecurity strategies, policies, and standards aligned with the company goals....
-
Associate Director Cybersecurity
1 week ago
Singapore NodeFlair Full time**Job Summary**: **Salary** S$14,000 - S$19,000 / Monthly **Job Type** **Seniority** Director **Years of Experience** At least 10 years **Tech Stacks** Strategy AWS play CI Azure As the Cybersecurity Director, you will be the leader overseeing Temus’ cybersecurity landscape. This role entails shaping and executing comprehensive cybersecurity...
-
Director, Cybersecurity Specialist
7 hours ago
Singapore Mizuho Full timeJoin to apply for the Director, Cybersecurity Specialist role at Mizuho Overview Join to apply for the Director, Cybersecurity Specialist role at Mizuho . Responsibilities Act as a single point of contact for all security matters related to the major transformation program. Define and validate security requirements for infrastructure, platform, and...
-
Singapore MUFG Full timeDirector, Global Cybersecurity Awareness and Training Join to apply for the Director, Global Cybersecurity Awareness and Training role at MUFG Director, Global Cybersecurity Awareness and Training Join to apply for the Director, Global Cybersecurity Awareness and Training role at MUFG Get AI-powered advice on this job and more exclusive features. Do you want...
-
Singapore MUFG Full timeDirector, Global Cybersecurity Awareness and Training Join to apply for the Director, Global Cybersecurity Awareness and Training role at MUFG Director, Global Cybersecurity Awareness and Training Join to apply for the Director, Global Cybersecurity Awareness and Training role at MUFG Get AI-powered advice on this job and more exclusive features. Do you want...
-
Sr. Director, Cybersecurity
7 hours ago
Singapore Bugcrowd Inc. Full timeWe are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. We specifically seek a hands-on, technical security leader. You...
-
Director Product Management
1 week ago
Singapore Acronis Full timeAcronis is a world leader in cyber protection—empowering people with cutting-edge technology that enables them to monitor, control, and protect the data that their businesses and lives depend on. We are looking for a Director Product Management (Cybersecurity) who is ready to join us in creating a #CyberFit future and protecting the digital world! We are...
-
Sr. Director, Cybersecurity
2 days ago
Singapore Bugcrowd Full timeWe are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden...
-
Director Cybersecurity Alliances
1 week ago
Singapore MasterCard Full timeThe Mastercard RiskRecon Cyber and Intelligence team is looking for a Director, Cybersecurity Alliances The Cyber & Intelligence (C&I) division is the fastest growing division within Mastercard developing and delivering scalable, world-class security products and services for customers across the globe. Role The Director, Cybersecurity Alliances - AP role...