Director of Application Security

Fastly helps the world’s most popular digital businesses keep pace with their customer expectations by delivering fast, secure, and scalable online experiences. Businesses trust the Fastly edge cloud platform to accelerate the pace of technical innovation, mitigate evolving threats, and scale on demand.

As Director of Application Security at Fastly you will manage and build Fastly’s application security team of security architects and security engineers. We are looking for a Director of Application Security who has a track record of building a team that is responsible for all development aspects of securing a large sophisticated system. The Director will drive application security to help protect the biggest online platforms in the world, handling massive amounts of traffic at very low latency, for customers with diverse security requirements. This is a role with a high impact, friendly security team. In addition to contributing to industry leading security products and services, you’ll make sure our customers benefit from a service built to the highest security standards in the industry. We’re in beautiful downtown San Francisco, but for the right candidate, we’re open to considering a remote position, and we have the team and tools in place to make it work.

Recruit, manage and develop a world class team that researches new security threats and identifies appropriate mitigations to protect customer services by: * Designing security features and engineering security solutions for Fastly services * Performing penetration tests and security reviews for core applications and APIs * Hunting for security flaws in the software powering the Fastly edge * Developing custom tools to test, monitor and enforce security across our applications * Researching security vulnerability disclosures and design and propose appropriate mitigations

* Experience building and managing a team of deeply technical application security architects and engineers * Be passionate about security and protecting our customers * Be knowledgeable on the topics of secure development lifecycle, threat modeling, and web application security assessments * Experience applying security engineering practices * Be knowledgeable on a variety of security testing methodologies, including fuzzing and source code analysis and web application vulnerabilities and attack methods including CSRF, XSS, SQL injection, etc. * Experience with secure networking best practices * Experience with high throughput real-time systems and/or content delivery networks preferred * Strong multi-tasking abilities with attention to detail and the ability to dive deeply into issues * Excellent written and spoken communication skills, experience presenting complex ideas * Excellent ability to build relationships with customers, security engineers and researchers