As Roof Stacks, we have been carrying out innovative projects since 2015. We aim to become a global actor in Tourism Systems, Extended Reality(AR/VR), Blockchain Technologies, Game Development, and Financial Technology, which are our areas of expertise.
We focus on creating a difference with the technologies we develop and designing the future. In addition to our central office in Ataşehir/İstanbul, we have branches in Antalya and Elazığ in Turkey.
We have strengthened our position in the global market by opening a new office in Austin, USA, which hosts world technology giants from all over the world.
Job requirements:
Requirements:
• Extensive experience leading application security teams, preferably within SaaS environments.
• Exceptional communication and interpersonal abilities, capable of effectively collaborating with multidisciplinary teams.
• Advanced analytical and management skills.
• Deep knowledge of common application security risks, such as those listed in the OWASP Top 10, and best practices in secure coding.
• Expertise in cloud security services across AWS, Google Cloud, and/or Azure, including IAM, key management, and secure networking practices.
• Proficiency with penetration testing tools and techniques.
• Experience in Security Incident management and/or operating within a SOC (Security Operations Center), including familiarity with SIEM systems, is advantageous.
• Familiarity with containerization and cloud-native security tools (e.g., AWS Security Hub, Google Security Command Center, Azure Defender).
• Relevant professional certifications (e.g., CISSP, CISM, SANS GIAC, OSCP, AWS Security Specialty, Google Professional Cloud Security Engineer) are beneficial.
• Proficient in both written and spoken English.
• Prior remote work experience is not mandatory but is considered an asset.
Key Responsibilities:
Key Responsibilities:
• Direct and oversee the application security program, ensuring it aligns with the broader Security strategy.
• Support the platform team in their day-to-day operations, projects, and personal development through guidance and mentorship.
• Manage the vulnerabilities management process in close collaboration with the Engineering teams, providing important metrics to the Security Director.
• Champion the adoption of Secure Development Life Cycle practices within the Platform Engineering team.
• Maintain robust security architecture across Platform, Data, Development, and Product teams.
• Implement threat modeling practices into product design and development processes.
• Aid in the enhancement and upkeep of security tools used in the CI/CD pipeline.
• Organize and facilitate penetration testing activities, including defining the scope, planning, and analyzing outcomes.
• Collaborate with infrastructure and cloud teams to ensure secure configurations across multi-cloud environments, including AWS, Google Cloud, and Azure.
• Develop and implement security best practices for containerized applications and orchestration tools (Docker, Kubernetes, GKE, AKS).
• Provide leadership in incident response processes, ensuring robust cloud-based security incident management and recovery procedures.
• Conduct regular audits of cloud security configurations, ensuring compliance with industry standards and frameworks.
