Director of Security Operations - Walnut Creek

Company: Alpine Software Group
Location: Walnut Creek
Posted on: November 6, 2024

Job Description:

ASG is an unconventional group of market-leading SaaS software companies serving industries ranging from behavioral health to transportation to childcare. ASG believes deeply in the power of people and data to grow great organizations and that sharing knowledge, expertise, and resources across its community of businesses drives exponential growth. ASG has acquired over 50 businesses since its inception in August of 2016. We are backed by Alpine Investors and operated by world-class PeopleFirst() leaders. Founders of leading SaaS companies continue to trust ASG to grow their businesses and build even stronger legacies for the future. To learn more, visit www.alpinesg.com .JOB DESCRIPTIONWe seek an experienced, hands-on Director of Security who can help our operating companies build the most secure platform. You will help our companies operationalize security best practices across our portfolio and drive best practices in application security testing, penetration testing, secure coding, infrastructure, audit, risk assessment, compliance, and incident response programs.You will join an elite team of subject matter experts at the holding company, helping implement engineering strategy and best practices across the portfolio. Through acquisitions, you will get an opportunity to understand a wide array of tech stacks and software products and deploy a diverse set of growth strategies throughout the hold period of our investments. You will also learn from and pair with extraordinary leaders across our business.The ideal candidate should have hands-on experience securing/auditing web and mobile applications, effective incident response, risk assessment, obtaining compliance, and strategically raising a company's security posture. The role will report directly to the CTO at ASG.You're Excited About This Opportunity Because You Will:

• Perform/manage AppSec and penetration testing and provide recommendations for various mobile and web apps as well as APIs and other web infrastructure.
• Conduct forensic investigations to analyze security incidents, understand root causes, and develop strategies to prevent future occurrences.
• Support due diligence, assess security postures,identify potential risks and integration challenges during the deal process.
• Assist in businesses' exit processes, ensuring security compliance, proper documentation, and mitigating any potential security risks that could impact the sale.
• Conduct red teaming and threat modeling for various web applications, API, and Mobile apps.
• Review Azure/AWS/GCP security footprints in concert with our DevOps teams and provide recommendations.
• Assist in all aspects of audits, including risk assessments, planning, testing, control evaluation, and reporting.
• Recommend process, technology, operations, and compliance enhancements to improve the security of the portfolio companies.
• Develop and lead cyber security strategy and foster a community of Cyber Security leads across our portfolio.
• Be an effective teacher/coach and help train our teams on security best practices.
• Manage incident response through vendors and address the portfolio's security needs.
• Assist portfolio companies in getting and maintaining SOC2, PCI, HIPPA, CCPA, CPRA, and GDPR. (Among the other state/local data privacy laws)
• Be a security subject matter expert and respond to internal/external security questions.
• Provide technical design recommendations to address audit & compliance narratives in partnership with technology SMEs and leadership.
• Be the SME for cloud governance, risk, compliance, policies, and executive reporting.We're Excited About You Because:
  • You have a minimum bachelor's degree in Computer Science, Cybersecurity, or a related field.
  • You have 5+ years of experience in web application security testing and/or secure development methodologies.
  • You have a solid understanding of authentication's best practices, ensuring secure access control best practices are enforced.
  • You understand modern web frameworks, APIs, containers, databases, and WAF well.
  • You have experience performing source code analysis.
  • You are familiar with Burpsuite, Nessus, ZAP, Arachni, Kali, and Nmap.
  • You have strong knowledge of cloud security and governance (AWS/Azure/GCP).
  • You have one of the following certificates: CISA, CISSP, CISM, OSWE, OSCP, GWAPT, or GWEB
  • You have conducted incident response and/or hold the GCIH or GCFR certification
  • You have experience in SOC, HIPAA, GDPR, or PCI DSS.
  • You have experience performing risk assessments and appropriately prioritizing risk.
  • You have excellent written and verbal communication, presentation, and listening skills, and you can present complex technical information to various technical and non-technical audiences.
  • You possess a proactive, solution-oriented, problem-solving mindset -- "I'll figure it out."
  • You thrive in a small, growing, fast-paced, results-oriented environment.Base Salary Range: The target salary range for this position is $200k- $300k, and is part of a competitive total rewards package including an annual bonus, employer-paid benefits, L&D stipend, and incentive pay for eligible roles. Individual pay may vary from the target range and is determined by a number of factors, including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually at a minimum to ensure competitive and fair pay.Accepted file types: pdf, doc, docx, txt, rtfAccepted file types: pdf, doc, docx, txt, rtf LinkedIn Profile Website We're better together when we're different, together.At ASG, we strive to create engaged and inclusive workplaces that celebrate and reflect the global nature of our employees and the customers we serve. We believe that talent is based on what you can do, not what you've done. And we know that supporting a diverse team with varied lived experiences advances equality, inspires innovation, and ultimately drives better business outcomes. Our mission is to build vertical SaaS platforms that are a force for good for their employees, customers, and the world. So we've built a company (of many companies) where difference is valued, learnings are shared, and potential is unleashed. Join us. I ndividuals seeking employment at ASG are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us improve our hiring practices over time. Completion of the form is entirely voluntary . Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide is strictly confidential and is not tied to your direct application. Select... Ethnic and Race Identification * Select... LGBTQ * Select... Select... How did you initially hear about this job? * Select...
    #J-18808-Ljbffr

Keywords: Alpine Software Group, Citrus Heights , Director of Security Operations - Walnut Creek, Executive , Walnut Creek, California