Our Engineering team built the world's largest cloud security platform from the ground up, and we keep building. With more than 100 patents and big plans for enhancing services and increasing our global footprint, the team has made us and our multitenant architecture today's cloud security leader, with more than 15 million users in 185 countries. Bring your vision and passion to our team of cloud architects, software engineers, security experts, and more who are enabling organizations worldwide to harness speed and agility with a cloud-first strategy.
We're looking for an experienced Director of Engineering to join our Vulnerability Management team. Reporting to the VP of Product Security, you'll be responsible for:
- Lead Vulnerability Management Program: Develop, implement, and improve a comprehensive vulnerability management program. This includes identifying, assessing, prioritizing, and remediating vulnerabilities across Zscaler's infrastructure, applications, and systems.
- Cross-Functional Collaboration: Work closely with security, IT, development, and operations teams to ensure effective identification, communication, and remediation of vulnerabilities. Foster strong relationships to align vulnerability management efforts with business objectives and risk management strategies.
- Risk Assessment and Prioritization: Conduct regular risk assessments to evaluate the potential impact of identified vulnerabilities. Prioritize remediation efforts based on risk, business impact, and regulatory requirements.
- Incident Response and Remediation: Lead incident response efforts related to vulnerability exploitation. Ensure that appropriate measures are taken to contain, mitigate, and remediate security incidents while improving response strategies and capabilities.
- Metrics and Reporting: Establish key performance indicators (KPIs) and metrics to measure the effectiveness of the vulnerability management program. Provide regular reports and presentations to senior leadership, highlighting program status, progress, and areas for improvement.
What We're Looking for (Minimum Qualifications)
- Vulnerability Management Leadership: 10+ years of experience in information security, with 5+ years specifically focused on vulnerability management, including experience with vulnerability assessment tools and methodologies.
- Management Experience: 5+ years of experience leading information security and/or engineering teams.
- Technical Expertise: In-depth knowledge of various operating systems (Windows, Linux, macOS), network protocols, and application security. Proficiency in using vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7) and security information and event management (SIEM) systems.
- Risk Management and Assessment: Strong understanding of risk management principles and practices. Ability to assess and prioritize vulnerabilities based on risk and business impact.
- FedRAMP Eligibility: Qualifications to operate in FedRAMP Medium and High environments. U.S. citizenship is required for this position due to the nature of the customers assigned to this role.
What Will Make You Stand Out (Preferred Qualifications)
- Advanced Degree: A master's degree in Computer Science, Information Security, or a related field.
- Experience with Cloud Security: Demonstrated experience in securing cloud environments (e.g., AWS, Azure, Google Cloud) and familiarity with cloud-native security tools and practices. Hands-on experience in incident response, including coordinating responses to security incidents and vulnerability exploits. Experience covering application security, including SAST, SCA, DAST, RASP, IAST.
- Knowledge of regulatory standards and frameworks such as ISO 27001, NIST, GDPR, and PCI-DSS. Experience with compliance audits and reporting.
This role can be remote-based within the US.