Director, Application Security

Our Information Security Team is opening up the boundaries on shift left strategies to ensure all software development and IT operations at Invitae adhere to security best practices from inception to implementation. We are passionate about driving security strategy and improving security maturity for the organization. This position is a leadership role that requires an individual with a solid technical background, as well as an ability to partner and influence various technology and business operations teams to align on security priorities, strategies, and roadmaps.

• Provide expert knowledge to the organization and stakeholders regarding the status, goals, functionality, and progression of Security Objectives
• Understand and be able to relay Cloud, and Application Security information as an SME
• Provide senior level leadership to a broad team of engineers, consultants, and staff across the organization.
• Manage sophisticated deliverables across security and information technology teams to ensure we meet our timelines, goals, and requirements.
• Develop staff to including training, mentorship, and functional alignment with our critical service delivery for Amazon Web Services and security tool implementation
• Performing security design reviews to assess security implications for proposed new product features.
• Identifying and assessing design and operational vulnerabilities in web application, network and system topologies
• Advising on data security issues, compliance, and privacy requirements including, but not limited to HIPAA, HITRUST, SOC2, SOX,and ISO 27001
• Taking a lead role in conducting security research on threats and remediation techniques/technology and making recommendations for implementation
• Assisting in the development and automation of threat management, vulnerability management, and incident management processes

• Require a minimum of 15 years of related experience with a Bachelor’s degree; or 12 years and a Master’s degree. 6 years of leadership experience preferred.
• Strong hands-on experience in Application, Network, System and Cloud Security Architecture design and review
• Good consultative, communication, teammate and analytical skills are a must, as you will be regularly interacting between various teams.
• Self-motivated to remain informed on current and emerging trends and security best practices
• Ability to work within a fast-paced environment with short timelines
• Understanding of AWS and Security reference architecture
• Understanding of DevOps and DevSecOps including current industry leading services and systems
• SME on full development lifecycle processes, requirements, and security considerations
• Application security experience and understanding of code scanning, remediation processes, and capabilities

• Experience breaking down complex systems and applications to find relevant security risks
• Detailed understanding of Microsoft Active Directory, Identity and Auth services, DNS, DHCP and email infrastructure design and security
• Deep understanding of VPN, PKI, IPAM and MFA technologies required
• Understanding of application and operating system hardening, TCP/IP & network fundamentals, intrusion detection systems, firewalls, VPNs, WAFs
• Demonstrated expertise crafting and running security solutions - vulnerability scanners, forensics software, SIEM, HIDS/NIDS, IPS, malware analysis and protection, content filtering, logical access controls,IAM, data loss prevention, content filtering technologies, and application firewalls
• Understanding of cloud services
• DevOps Proficiencies
• Terraform / TFE
• Hashi Vault
• EKS / Kubernetes
• Container Methodology
• Application Security
• Understanding of GitOps / Gitlab / Github
• CI/CD processes and methodologies