Sr Director of Security at Auth0
Bellevue, WA, US
Thousands of enterprises and millions of users worldwide depend on Auth0 for authentication and authorization of their most mission-critical apps, APIs and IoT devices. Auth0’s top priorities are availability and security.

The Senior Director of Security (SDS) will lead Auth0’s internal security team as well as be Auth0’s externally-focused “face of security.” The SDS reports directly to the CEO and works closely with the senior leadership team to set strategy on security; security is the most important thing we do at Auth0 and will always have extremely high internal visibility to company leadership.

The SDS will own Auth0’s information security framework (policies, processes, standards, tools, training, etc.) as well as its implementation, along with Auth0’s own compliance with internal policies and procedures, to maintain Auth0’s status as a security industry leader. Further, the SDS will provide expertise and guidance on what security measures should be applied to manage risk.

The SDS’s team will program manage Auth0’s adherence to security and privacy compliance standards like SOC 2, HIPAA, GDPR, PCI DSS, FedRAMP and others. The SDS will also educate subscribers and prospects about Auth0’s security practices.

You will work with a team that is not only passionate about security but also likes sharing their experience with others, through blog posts, conference presentations, and open source tools (e.g. Cloud Security Monitoring at Auth0 Part I and II, Detecting Secrets in Code).

Responsibilities

Auth0’s top priorities are availability and security. Your primary responsibility will be to set strategy on security. You will work with the senior leadership team and other leaders of the organization to achieve a balance between mitigating risk and advancing our product and infrastructure.
Responsibilities Include:

Train developers and evangelize good security habits across the entire organization.
Hold at least quarterly security audits to pen-test our production hosts and our various internal components.
Lead the security team to regularly review our systems corporate-wide for security gaps, to perform proactive research to detect new attack vectors, and continuously improve our infrastructure security auditing.
Make leadership teams aware of risk, compliance status and progress against security improvement plans.
As the product and engineering organization grows, drive the team to develop general techniques and frameworks that will help engineers across the company find security flaws before they are introduced into production.
Be a security subject matter expert and respond to internal security engineering questions.
Drive bug bounties, our white hat program (https://auth0.com/whitehat), and other community engagement best practices to improve Auth0 services.
Requirements

You have a strong software engineering background.
You’ve managed teams that have shipped and operated critical security infrastructure.
You’ve successfully recruited great teammates.
You thrive on a high level of autonomy and responsibility.
You have extensive experience working with geographically distributed teams.
You are excited about collaborating with teammates across Auth0, including Product, Engineering and Customer Success.
You are comfortable talking to customers about our internal processes.
You have at least five years of senior information security experience leading security teams.
You’re knowledgeable of current information security threats and risks.
You have prior experience of developing and implementing security frameworks.
You have experience designing internal controls and related procedures, including how controls should operate and what constitutes a control deficiency.
Familiarity with AWS, Node.js, and Docker are all a plus.