- At least 5+ years’ experience in cybersecurity, including compliance and risk management with a system and network security engineering background.
- Highly technical and analytical experience, with a proven deep background (preferred 5+ years’ in addition to cybersecurity) in application programming.
- Experience in threat modeling applications.
- Vulnerability and penetration-testing skills.
- Excellence in communicating business risk from cybersecurity issues.
- Proficiency in software development (Java, Python, C++, Ruby, etc.).
- Solid understanding of network and web protocols.
- Experience with security of intra-company and third-party APIs.
- Experience with dynamic and static analysis tools.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Experience with applications hosted in Amazon Web Services (AWS) or Microsoft Azure.
- DevOps background in public and private clouds.
- Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2.
- Working knowledge of Windows, Linux and Unix.
- Familiarity with state privacy laws.
- Highly trustworthy; leads by example.