Product Security Team Lead
Ping Identity | Security (8100) | Denver, CO
At Ping Identity, we're changing the way people think about enterprise security technology. With our innovative Identity Defined Security platform, we're helping to build a borderless world where people have total freedom to work wherever and however they want. Without friction. Without fear.
We're headquartered in Denver, Colorado, and we have offices and employees around the globe. And we serve the largest, most demanding enterprises worldwide, including over half of the Fortune 100. Because even in the most complex enterprise environments, security shouldn't be a source of anxiety. It should be one of your greatest competitive advantages.
We call this digital freedom. And it's not just something we provide our customers. It's something that drives our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.
As a Product Security Team Lead working in Ping’s Denver or Austin offices you will lead the IDaaS application security practice at Ping and serve as the primary point of contact for our IDaaS engineering team. You will manage a team of product security engineers who are embedded into the IDaaS development teams throughout Ping. You will work with the Product Security Manager to apply our secure SDLC strategy. The position requires a passion for implementing change, leading people, application security, securing SaaS application across multiple cloud environments and geographies, the ability to work in a fast moving, distributed and CI/CD environment, excellent communications skills, and attention to the latest security best practices.
- Implement and enhance Ping’s secure SDLC strategy for in our IDaaS environments
- Implement and enhance Ping’s Secure Software Development Lifecycle (SSDLC) practices
- Create and report on key performance indicators (KPIs) for each SaaS SSDLC practice
- Lead a team of application security engineers
- Own Security Engineering tasks for Ping’s IDaaS platforms and PingCloud offering
- Work with the product teams to perform security design/code reviews and vulnerability management in CI/CD environments
- Enable security tasks and security controls including (but not limited to) threat modeling, secure code training, component vulnerability management, static analysis, dynamic application and interactive application analysis, and automated/manual security testing
- Lead automation efforts for SSDLC tasks
- Assist the support team to respond to customer and field questions related to product security
Engage with third party security consultants for independent penetration testing of product for validation of our security program
- 5+ years of development and SaaS application security experience
- Understanding of network protocols and architectures such as TCP/IP, UDP, IPSEC, TLS, HTTP, routing protocols
- Exceptional problem solving skills, curious about the inner workings of distributed systems, showing attention to detail
- Excellent written and oral communication skills
- Experience with identity management (OAuth 2.0, SAML, OpenID Connect, Active Directory, LDAP, REST APIs, Provisioning, Multi-factor Authentication, Authorization, etc.)
- Experience in securing cloud, SaaS or mobile applications
Security certifications such as CISSP, CSSLP, GIAC