- Washington, US
- California, US
- Massachusetts, US
- Santa Barbara, CA
- Date Posted
- Jun. 14, 2021
At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you’ll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.
You will lead and transform our cybersecurity assurance program into a DevSecOps model where most security processes are automated and are handled by development and operations teams themselves. You will have a focus on automation and scale, and develop centralized tools, guidance, training, scanning, and reporting that will enable these teams to quickly deliver value to our company and customers. In doing so, you will be helping to protect customers and enable Sonos to continue to deliver delightful sound experiences to our customers worldwide.
What You’ll Do
- Collaborate with security, technology, and business teams to define new and mature existing security governance policies and processes.
- Work with security and technology teams to identify, assess, prioritize, and drive mitigation of cybersecurity risks to Sonos.
- Drive engineering and security teams to build processes and automation to drive focus, visibility, and accountability for security policy compliance using a DevSecOps approach.
- Communicate complex and technical issues to diverse audiences, verbally and in-writing, in an easy-to-understand, authoritative, and actionable manner.
What You’ll Need
- 5+ years of professional work experience in a technology field where you solved complex problems through influence and strong organizational skills.
- 3+ years of security experience in cyber incident response, software vulnerability management, secure coding (SDL), penetration testing, red teaming, security operations, or security assurance.
- The ability to maintain a professional approach and organize your work and that of others while under pressure.
- Be able to communicate complex and technical issues to diverse audiences, verbally and in-writing, including in ways that a non-security technical audience can easily understand.
- Experience with cyber security assurance and governance, and familiarity with the DevSecOps approach to driving security governance.
- Experience in leading projects through the entire lifecycle while maintaining strong situational awareness and communication with direct stakeholders and leadership.
- Significant knowledge in one or more information technology related fields that include cloud services, authentication, PKI, system administration, software development, networking, or security architecture.
- Working knowledge of a range of security-related subjects such as threat hunting, threat modeling, digital forensics, reverse engineering, phishing, and penetration testing.