Federal Security Director

Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.

Our Opportunity

Snyk is looking for a Federal Security Director with experience in the areas of FedRAMP, US federal customer requirements, and other public sector security needs. We are building out a new Federal practice and SaaS offering within Snyk’s Trust Office to support the company’s rapid public sector growth. You will have a unique opportunity to help build and shape the technical capabilities and the overall trust program from an early stage. This role will report directly to the Chief Information Security Officer.

You’ll Spend Your Time:

• Security Planning: Designing, developing, and maintaining detailed System Security Plans (SSPs), ensuring they adhere to the high standards set by the FedRAMP requirements
• Security Implementation: Guaranteeing that the security controls defined in the SSPs are correctly implemented, in line with FedRAMP guidelines, and that any amendments to these guidelines are promptly adopted
• Security Assessment: Facilitating comprehensive security assessments executed by independent third-party assessment organizations (3PAOs), and utilize the findings to fortify our compliance with FedRAMP directives
• Continuous Monitoring: Implementing an effective strategy for continuous auditing and monitoring of our systems, ensuring they remain compliant with FedRAMP regulations, and promptly identify and rectify any emerging vulnerabilities
• Incident Response: Coordinating incident response protocols and manage the recovery process during any security breaches or cyber threats
• Ensuring quick, effective remediation of security issues to minimize downtime and impact
• Reporting: Preparing comprehensive and detailed reports regarding the system's security status for FedRAMP officials, internal stakeholders, and other interested parties
• Identify any areas of concern and provide well-informed recommendations for remedial action as necessary
• Spearheading educational initiatives to increase staff knowledge on FedRAMP requirements, the critical importance of compliance, and best practices for maintaining system security

What You’ll Need:

• Proven experience in cloud security, risk management, and conducting security assessments
• Strong communication skills with the ability to effectively liaise with both technical and non-technical stakeholders
• Proven experience in delivering effective training sessions on complex security subjects to a diverse audience
• The ability to think strategically and act decisively in high-pressure situations
• Prior experience working as an ISSO in a similar industry
• Familiarity with advanced cloud technologies and architectures
• The ability to manage multiple high-priority tasks simultaneously
• Proven leadership and team-building skills
• The ability to quickly assimilate to new knowledge and remain current on new developments in access management tools and capabilities and industry knowledge
• Familiarity with securing identity across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)
• The ability to deliver both detailed technical reports to enable access remediation and business-friendly reports to demonstrate progress and track risk
• Be able to handle ambiguity and collaborate with a global team
• Be comfortable communicating with business executives and technical teams

We’d be Lucky if You: 

• Have experience working within the DevSecOps industry 

We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!

Life at Snyk 

Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk. See our Life at Snyk page for more!

Benefits & Programs

Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.

• Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development
• Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
• Health benefits, employee assistance plans, and annual wellness allowance
• Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances

#LI-TF1