EY - Senior Director - Product Security

- In today's world any organization or individual is constantly under the threat of cyber attack and this is proven through a steady rise in the security incidents and data breaches year on year. Being a leader in Data Protection and Security provider as-a-Service, Product Security is critical to Druva's continued success. This role sits at the heart of our product security development team as a leader of the Product Security team.

Primary Responsibilities :

- Build and lead scale a diverse highly skilled team of Product security engineers, architects, and subject matter experts

- Develop, implement, and maintain product security strategy for Druva products

- Expert in identifying and forecasting the security threats related to Druva products & help build a security strategy to keep at pace with the industry standards to help Druva products stay ahead of the curve

- Establish product security design standards - building in security best practices at the beginning of the software development life cycle, along with identifying any gaps in existing application security controls and to come up with recommendations and work around solution to minimize the risk

- Take a leadership role in driving security and privacy/data initiatives and ensure end-state product meets regulatory requirements & act as a Security SME support to development teams

- Partner with development team leaders (and business stakeholders) to set the course for secure development practices for existing and future products and features for better security at every step of the development lifecycle

- Perform security design reviews and regular security assessments (analyze, assess, and remediate) to ensure systems supporting our product lines meet the established software design standards

- Implement risk-based analysis and mitigations using threat modeling and related techniques for all in-scope products

- Engage in application and domain-specific threat modeling, and attack surface analysis and reduction

- Deep interaction with software product teams to help enhance their application security posture and successfully roll out secure SDLC

- Initiating the POC on latest security systems, controls to enhance the critical products security posture

- Advise product stakeholders on security risks and mitigation steps to strengthen product security posture

- In depth of knowledge in Threat Modeling, Cryptography, network protocol TCP/IP, HTTP, SSL/TLS, Secure code-review and penetration testing will be useful to successfully deliver this role

- Development experience with Open Source tools using languages/technologies such as Python, Golang, SQL, JS.

Desired Skills :

- Strong technical experience in the software security (Application, Web, Web service, Network and Cloud)

- Expert-level knowledge and experience in identifying multiple classes of vulnerabilities that includes cross-site scripting, SQL Injection, CSRF, cryptographic related weakness, and code injection.

- Experience in automating security testing and improving productivity in security assessments.

- Experience in conducting security assessments in cloud infrastructure / platforms.

- Good understanding and knowledge in web frameworks and architecture.

- Excellent written and verbal communication skills.

- Experience with managing a small team.

- Travel Position based in Pune