Application Security Director

Overview:
Two Barrels is hiring an Application Security Director to build, lead and develop our Security team. You will be a traditional company employee. This is a full-time 40 hours/week position with company benefits.
As a "Director," you will be responsible for overseeing security as well as actually doing the work of a security engineer as we grow this team. Ultimately, if you are solely looking for the prestige of being a "Director," this probably isn't the right place for you. We are not looking for a figurehead to fill this seat; we want someone who is going to get their hands dirty and do the work. But because your title will be "Application Security Director," you will need to be able to push and grow the team. You have been there and done that in the security world, help some people out!
You like being hands-on and doing the actual work, but you also like the tactical part of this and looking at things from a higher level. You are a professional and don't laugh at job titles like "Penetration Tester" even though it's funny. More importantly, you know what someone in that role is doing, and you can do some of it yourself if not all of it. Your role is technical, but you're also a leader, so you're a technical leader. We have Operations Managers who aren't technical, so we need you to be technical... so you're a technical leader of technical people who do technical things.
This is a remote or work-wherever-you-want position. Of course, we'd prefer you be around Spokane, Salt Lake, or Austin to have a hub based out of one of our three main offices, but we're open to good talent anywhere in the US.
Location:
Remote | Spokane - Austin - SLC |
Duration:
Full Time
Wage:
Up to $200,000/year
Responsibilities:

• Solve problems, don't just bring them to our attention
• Find open source solutions, we like to build things, not buy things
• Create cutting-edge processes that will leverage automation to improve our resiliency and position ourselves better to respond to security events
• Develop and implement a comprehensive security strategy that aligns with our business objectives and priorities
• Drive education initiatives company-wide to create security-minded employees
• Lead security initiatives and ensure compliance with applicable regulatory requirements, such as HIPAA, PCI, and GDPR
• Stay up to date on the newest security technologies and methodologies
• Provide development and feedback to team members
• Responsible for team growth

Minimum Qualifications:

• Be a good human
• Ability to code and work with Software Engineers (Ruby is ideal, but general software coding is required)
• Have a build versus buy mentality
• 5+ years of experience in Computer Science or a related field required with at least 2 of those years in Security
• 2+ years in a technical leadership role
• Experience with building, managing and developing a team
• Experience with Linux and the ability to secure Linux-based systems
• Working knowledge of the Ruby on Rails framework, including its security features and vulnerabilities
• Able to identify the problem, not just the symptoms
• Ability to take a holistic approach to security, identifying vulnerabilities and risks across the entire system, including areas that individual teams or departments may overlook or not be aware of
• Comfortable working in an ambiguous environment
• Solid understanding of AWS infrastructure, including security features, compliance requirements, and best practices for securing cloud environments
• Basic understanding of Kubernetes architecture, its security features, and how to secure Kubernetes clusters
• Open source solutions are your go to

Preferred Qualifications:

• Experience in leading security incident response efforts
• You have grown a security group from the ground up
• You're a nice person
• You thrive on the chaos of a place that is always coming out with great ideas

Why you might like this job:
You think like a hacker and know what they're going to do, but you are one of the good guys and want to use your security powers for good, not evil. You recognize real security risks and pride yourself on identifying the problem and not just the symptoms of the problem. You want to educate people, including developers and customer service reps, about how to avoid security problems.
We're family owned and provide a secure platform for our clients to do good work, and we want to keep it that way. Privacy, security, and ease of mind for our people; let's keep that going. We have a lot of good people here who want to see that continue, and you want to push it farther down that road.
#BI-Remote
Benefits:

• Great Wage & Success Meetings with your manager
• Work From Home comfort package & company provided equipment
• 22 days paid time off annually, PLUS 4 paid holidays
• 4% 401k employer matching through Fidelity
• 100% employer-paid medical, dental and vision for employees
• Maternity and Paternity Leave
• Flexible hours
• Coffee shop next door
• Crappy parking? Oh, I mean a cool downtown location for easy public transportation options...