The Senior Software Security Specialist is responsible for ensuring Waitr’s software engineering policies and controls are sufficient and compliant with relevant legislative, industry certification, and internal control requirements. They will work with the product and engineering teams to help us ensure the security of our platform and our users’ data.
- Manage a program of compliance analysis, tracking and reporting on compliance status, and management of action plans for any gaps in our policies, procedures and technology platform.
- Effectively communicate technical issues to senior contributors and management.
- Report on the effectiveness of security and compliance controls as well as risk mitigation strategies.
- Develop security standards, procedures, and controls to manage and evaluate risk, with a mindset of continuous process improvement.
- Promote and document best practices on security. Track security progress through security metrics that can be presented to management.
- Facilitate a process to get and remain up to date with all relevant legislation, including state-specific privacy and cybersecurity regulations and financial regulations.
- Manage Waitr participation through internal auditing and testing processes.
- Facilitate Waitr participation in external certification activities (e.g. PCI DSS, SOC, etc.)
- Deliver, assist and provide training on threat modelling.
- Partner with leadership to develop the long-term vision for Waitr's application security, detection and response capabilities and cloud security controls.
- Detect, investigate, and mitigate emergent security incidents
- Run corporate risk assessments
Required Education and Experience
- Bachelor's degree in computer science or computer engineering, or equivalent experience
- 5+ years of professional experience.
- Knowledge of best security practices in a cloud architecture
- Highly proficient in security, risk and compliance concepts, and processes. In-depth knowledge of control principles, protocols, practices, and industry standards.
- Have experience and knowledge of PCI Compliance, managing and configuring WAFs, microservices, and native app security (iOS and Android).
- Strong oral and written communication skills; able to interface with senior contributors and management.
- Skills in report writing and project management.
- Strong collaboration, prioritization, and adaptability skills required.
- Self-starter, strategic thinker, negotiator, and consensus builder.
- Knowledgeable in advanced security, risk and compliance activities related to business and technology processes.
- Familiarity with OWASP vulnerabilities and web and API security best practices.
Preferred Education and Experience
- Industry certifications (CISSP/CISA/GIAC suite/EC-Council)
- Vulnerability assessment or penetration testing experience
- Red teaming, blue teaming or SecOps (SOC) experience.
- Experience working in high-growth environments.