Senior Engineering Manager, Security
Toronto, ON, Canada
Posted on Friday, February 9, 2024
We are seeking an experienced and hands-on Senior Security Engineering Manager to lead our security team. In this role, you will collaborate closely with engineering and cross-functional teams to ensure the security of Top Hat's products and organization. Beyond technical expertise, your focus will be on establishing yourself as a valuable team member and leader, coaching your team to success, and bridging crucial communication gaps between the engineering team and senior leadership.
As the voice of security in the education industry, you will identify the right security investments to help us build a robust security foundation for Top Hat.
Our ideal candidate is someone who wakes up each morning with a vision to scale security. They aim to reduce risk while enabling the business to move swiftly and securely. They strongly believe that security should be inherent in the tools and processes engineers use daily. Their goal is to "Automate Everything," and they eagerly seize opportunities to apply tooling, automation, and self-service to security workflows, enhancing team scale and reliability.
If you are fueled by a passion for security, possess proven leadership skills, and thrive in a collaborative environment, this is your opportunity to make a significant impact. Join us at Top Hat and be a strong partner in shaping the future of security.
Our Security Team works closely with Top Hat's product engineering teams to provide expertise in application security. The team takes the lead in security architecture and design reviews, conducts threat modelling, and performs application security assessments for Top Hat's products.
Additionally, the team collaborates with Platform Engineering to enhance the security of our cloud environment. They work with IT to manage risks and implement optimal security solutions for Top Hat employees. The team also advises Legal and leadership on compliance and regulatory matters, supports sales, marketing, and revenue teams in addressing security concerns, and assists customer support and account teams with customized security solutions and responses.
The team’s subject matter expertise and collaboration with those teams help us ensure we are identifying opportunities to mitigate risk to our products and organization.
- Build relationships with key stakeholders, such as engineering managers, product managers, and company leadership, to seamlessly integrate security into business goals.
- Develop and manage security documents, including policies, standards, and procedures, ensuring adherence by employees. Collaborate with internal teams to mitigate security risks and maintain Top Hat's compliance.
- Provide subject matter expertise in various specialty areas, including application security, cloud security, corporate security, compliance, and regulatory matters.
- Recruit and lead a team of security engineers, offering technical vision and direction.
- Create tools and services to minimize manual efforts, enhancing the security and reliability of our product and infrastructure.
- Support team members' career growth through weekly syncs, consistent 1:1s, individual development planning, and performance reviews.
- Collaborate with Top Hat’s engineering and product organizations to address vulnerabilities identified by the team, communicating risks to leadership teams.
- Foster technical leadership within the team, establishing a culture of mentorship, pairing, and knowledge sharing to pinpoint the highest-risk vulnerabilities in Top Hat’s critical product areas.
- Ensure compliance with industry security standards, regulations, and certifications such as StateRAMP, PCI DSS, and SOC2.
- Build and manage security operation capabilities to safeguard Top Hat's assets and customers.
- Over 3 years of people management experience leading a security team.
- Proven ability to develop a strategy and roadmap for teams, emphasizing high-impact work to reduce technical risk.
- Demonstrated track record in performance management, expectation calibration, and building and sustaining high-performing, inclusive teams.
- Enthusiasm for cultivating a security-focused culture within engineering practices and processes.
- Strong sense of ownership and a bias for action.
- Experience in managing vendor partnerships and budgets.
- Demonstrated written and verbal communication skills, with the ability to adjust style and tone for different audiences.
- Over 5 years of hands-on experience in domains like application security, cloud security, and corporate security.
- Proficiency in modern cloud technology components and deployment patterns, like virtual machines, containers, Kubernetes, serverless, and infrastructure as code.
- Experience securing SaaS and multi-cloud environments such as AWS.
- In-depth understanding of modern SDLC and DevOps practices.
- Previous involvement in security incident response management, including implementation and program management.
- Knowledge and experience in security compliance (SOC2/ISO27001/NIST).
- Solid understanding of secure network design.
- Hands-on experience in managing and implementing SCA, SAST, DAST, RASP, IAST, and vulnerability management.
- Implementation and management of security operations tools (SIEM, IDS, IPS, Firewall, etc.).
- Previous experience in security championship and secure coding.
Why team members love working at Top Hat:
- A noble mission that creates meaningful, fulfilling work
- A team that cares deeply for customers and for each other
- We’re a company of invested owners - every Top Hatter receives stock options
- Professional learning and development for all role levels
- An awesome and welcoming Toronto HQ, and a growing sales hub in Austin, Texas
- Competitive health benefits that start on day one
- A management team focused on performance, growth, engagement and connection
- Our winning strategy and market potential
- Innovative PTO policy with lots of time and space for self-care
- Passionate customers that believe in us and what we do