Director of Security

Gridspace is looking for a Security Lead to manage compliance and security operations. The candidate should be organized, thorough, and have a strong technical background in IT, systems administration, and/or network engineering. Most importantly, candidates should have a desire to work with a world-class engineering team to secure massively scaled cloud services.

Technical responsibilities will include:

• Become the primary security expert for multiple product lines, and act as the point of contact for engineering and security.
• Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure the architecture.
• Help to automate common security tasks and patterns.
• Research and analyze the latest capabilities of specific Information Security (e.g. Cloud services, encryption, PKI etc.) and IT technologies (e.g. operating systems, networks, storage, virtualization etc.).
• Manage the IT infrastructure including endpoint management, single sign-on, anti-malware, event notifications, etc.
• Assist co-workers in maintaining security of their devices and processes.

Operational responsibilities will include:

• Familiarize yourself with common private sector security standards including PCI, HITRUST, and SOC2.
• Act as the primary contact with all security compliance audits and client due diligence questionnaires.
• Work directly with partner teams to understand our corporate infrastructure and business operations solutions and serve as subject matter expert to identify key risks to our security posture.
• Create threat models for both external and insider threats that directly influence designs, risk tolerance, and roadmaps.
• Maintain the schedule of daily, weekly, monthly, and annual compliance related tasks.
• Lead the physical security efforts of Gridspace assets and properties.
• Run company-wide phishing tests, security awareness training, and regular status meetings with management.
• Manage and evaluate third party services and vendors.

You have:

• Strong technical aptitude with project management skills, capable of learning emerging products and creating plans to support the business
• Experience with GCP, Kubernetes, or distributed cloud-based environments
• Experience working in a high security and/or highly regulated industry. We would love to have you take the essentials of what you’ve learned and apply them to the unique challenges Gridspace faces
• Experience securing large Python codebases is a plus
• Experience managing a SIEM such as SumoLogic
• Experience with endpoint management and security such as JumpCloud and Crowdstrike Falcon is a plus
• Experience with performing or managing network and application penetration tests
• Experience achieving PCI, HITRUST, SOC2, or FedRAMP certifications are a plus
• Experience with managing outside vendors and customer relationships is a plus
• Military experience is a strong plus