Product Security Lead

About VehoVeho is a technology-driven shipping company that enables personalized next-day package delivery, extending partner brand value. Veho brand partners have seen a 20% increase in customer repurchase, 40% increase in customer lifetime value, and 8% rise in net promoter score.  Veho gives package recipients greater insight and control, letting them know when they will receive their package, when drivers are en route, and enables real-time rescheduling, address changes, and personal delivery instructions. Veho's technology matches demand for package delivery with a network of qualified crowdsourced driver partners, ensuring every package is delivered on time and correctly.The concept for Veho started as a school project while co-founder Itamar Zur attended Harvard Business School. Zur constantly experienced issues receiving packages - from getting the dreaded “we missed you” note, to stolen packages. He set out to fix the problem so many customers and brands face.Today, Veho’s robust technology platform provides customers and e-commerce brands with an unparalleled shipping experience, an industry record 99.9% average on-time performance for next-day delivery and an average 4.9-star customer rating. With teammates in 30 U.S. states, Veho will be in 50 markets by the end of 2022.  About The RoleVeho’s Chief Information Security Office is looking for an experienced professional to manage and execute efforts to strengthen a foundation of security across Veho’s products, including 3rd party products and their integrations. The role will serve as an expert advisor to the engineering and IT teams. The candidate will contribute to the definition, development, implementation, and maintenance of our product security framework ensuring that best practice initiatives are achieved for system and data integrity, availability, accountability, and assurance. The position will both oversee and execute all aspects of product security functions including architecture, threat modeling, application security, code reviews and assessments.  The role will drive efforts to deepen security engagement early in the software development lifecycle, reducing rework and improving speed to delivery. The role will partner and collaborate with Product and Engineering leadership to establish and evolve processes, controls, and the product security program.

Responsibilities Include

• Review engineering design and architecture, vulnerabilities, code and other findings for products deployed.Identify common security design patterns and influence the adoption of scalable and automated secure platforms and solutions.
• Identify opportunities for improvements to security tooling and automation.
• Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences.
• Improve security tooling to facilitate a highly automated and scalable SecDevOps model. Mentor product engineering teams on how to approach security in their day to day work.
• Establish, augment and automate Veho’s security scanning and testing capabilities, bootstrap efforts and execute fixes in alignment with Veho’s vulnerability management policy, ensure findings are triaged and remediated by engineering or other peer teams.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
• Partner with application engineering, core services and infrastructure engineering, site reliability engineering and other applicable teams to embed security scoring into overall production readiness scoring, using industry best practices such as BSIMM or similar.
• Contribute to security compliance efforts such as ISO27001 / SOC2 certification, privacy and data security law compliance by providing the necessary capabilities and artifacts.

Skills & Qualifications

• BS, BE, BTech or MS in Computer Science, Cybersecurity, Information Technology or other related fields. Equivalent years of experiences without a degree are considered.
• 10+ years of relevant education and/or work experience.

#LI-RemoteVeho is a growth company that looks for team members to grow with it. Veho offers a generous ownership package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Veho employee shares one galvanizing mission:  to revolutionize the world of package delivery by creating exceptional experiences for customers and drivers.  We are deeply value-driven (Ownership, Candor, Team Success, Human) and care tremendously about investing in people.  We are committed to creating a diverse team and an environment that provides everyone with the opportunity to do the work of their lifetime. Veho is unable to provide sponsorship at this time.  Applicants must be able to understand and effectively communicate orally and in writing with all parties regarding work matters, which are generally conducted in English.  Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.