Apply on Employer Site

Bumble Inc. · 2 months ago

Director of Application and Product Security

US TX Austin

Full-time

Hybrid

Director/Executive

$240K/yr - $258K/yr

Bumble Inc. is seeking a forward-thinking Head of Application and Product Security who will empower their secure SDLC and align closely with the Trust and Safety team to protect user data. The role involves leading the application and product security team, enhancing security practices, and collaborating with cross-functional teams to safeguard user interactions.

Computer Software

Responsibilities

Responsible for the continuous development of an advanced secure SDLC framework, incorporating automation, machine learning, and contextual threat analysis

Ensure that any software developed and/or deployed meets the high standards expected to ensure the security and privacy of our customers

Enhance Bumble Inc.’s mobile and web application defences using the latest techniques in software composition, static and dynamic testing and threat modeling for systems written in Kotlin, Swift, PHP, Go and C

Conduct sophisticated security assessments and penetration testing to preemptively identify and mitigate potential threats

Lead and expand the application and product security team, fostering a culture of continuous learning and innovation in security practices

Collaborate extensively with our Trust & Safety area (including Product, Technical, Legal, Ops, and Policy) to develop technologies and processes that safeguard user interactions and data privacy across all platforms

Regularly update and present to senior management on security posture and product incident response

Own key metrics around product security incidents, and risk trends in the codebase

Supervise the application security efforts across the software engineering teams, providing technical guidance, and manage the application security budget and drive a security-first approach to software development and delivery

Promote active, continuous learning and improvement within your team. Cultivate team members’ growth through feedback, coaching, and career development

Manage multiple concurrent projects while effectively solving problems that cross product boundaries

Establish strong partnerships and champion quality throughout a cross-functional organization to support the best possible security and engineering outcomes

Support developer productivity, through training, driving solutions and tooling

Qualification

Application Security ManagementSecure SDLC FrameworkMobile App SecurityThreat ModelingPenetration TestingSoftware Engineering Best PracticesCollaboration with TrustSafetyEmpathy in FeedbackCommunication SkillsContinuous Learning

Required

Bachelor's degree in Computer Science or related technical field; or relevant certifications such as OSCP, or equivalent publicly verifiable practical experience

Demonstrated experience in managing application security in high-stakes environments, preferably with exposure to both consumer and enterprise applications

Deep technical expertise in modern mobile app security, legacy and modern application architectures (e.g., microservices, containerization)

A strong understanding of social engineering and other user-centered attack vectors

A track record of successful collaboration with trust and safety teams is a strong plus

Strong expertise in software engineering best practices

Experience in managing highly skilled application security assessors or engineers

Strong written and verbal communication skills, with high attention to detail

A subject matter expert on security-critical areas such as authorization, authentication, and/or cryptography

Excellence as a great teammate who thrives in a collaborative environment

Ability to communicate with empathy when delivering constructive feedback to engineers

Be a constant learner who looks to solve interesting and challenging problems

Humble expert with a sense of urgency

Skilled at taking complex topics and making them simple