Senior Security Partner

The Challenge

The Adobe Security team is seeking a smart, hardworking information security professional to play a key role in enabling a culture of security throughout our product engineering teams. As a Sr Security Partner, you will act as a vital link between product management, engineering, cyber security, and compliance teams worldwide. In this position, you will be driving the internal certification and accreditation processes and procedures, vulnerability management, and incident response for your product portfolio as well as leading efforts to increase security awareness through education.

Key Responsibilities (how):

• Analyze security risks using real-world security data and systems automation.

• Maintain up-to-date knowledge related to security threats, vulnerabilities, and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.

• Frequently detail and communicate product security progress and risks to senior business unit leadership.

• Contribute to security program development by identifying new or emerging opportunities to apply security principles and technologies.

• Lead product-level security objectives and priorities to ensure timely and effective completion, including setting deadlines, prioritizing tasks, and assigning team members to various programs/projects.

• Contribute to the production and improvement of the content, quality, and design of reporting dashboards, supporting Adobe's efforts to develop a reliable reporting medium by collecting requirements, then proceeding to design and implementation phases.

• Foster close, cooperative relationships with peer leaders, leadership, and other teams in efforts to maintain alignment across functions.

• Elevate any risks and issues. Solicit collaborator feedback to shape, communicate, and track key work and drive prioritization across and within projects and programs.

• Seek to understand the big picture objectives, clarify end goals, and look to be a strategic partner with management in driving the strategy and accomplishing security goals.

• Serve as a trusted aide to business unit leadership to improve overall product security posture.

• Work independently with a geographically dispersed team.

• Perform security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.

What You'll Need to Succeed

• Master's degree in computer science, engineering, cybersecurity or a related field, or a bachelor's degree with 8+ years of experience in a similar security role.

• At least three years of experience working with business leadership and enterprise projects.

• Outstanding organization skills, strong planning skills, communication skills, and high attention to detail. The position requires speaking publicly to senior leadership and customers.

• Proven track record building technical rapport and enduring relationships within diverse teams.

• Solid understanding of public cloud infrastructure and architecture (AWS, Azure, GCP) and associated security concepts and challenges.

• Solid understanding of foundational security principles, techniques, and standard methodologies such as authentication, authorization, logging, baselines, data handling, and SPLC.

• Solid knowledge of application & operations security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.

• Driven and excellent at communicating with others.

• Ability to multitask and switch between multiple high urgency projects.

• Experience with security issues in mobile and desktop applications.

• Experience with emerging threats, mitigations, and industry trends.

• Understanding of industry standard methodologies in application & operations security.

• Familiarity with compliance frameworks such as FedRAMP, ISO 27001, SOC2, HIPAA, FERPA, and PCI.

• Experience leading projects and programs, especially within the Cybersecurity domain.

• Experience working in an engineering and software development organization and within the Secure Development Lifecycle.

• Experience working with Lean Enterprise/Agile/DevOps/SecDevOps development frameworks.

• Solid experience working with SaaS/cloud delivered solutions.

• Knowledge and experience working with common security tools: Kali Linux, Nessus, Qualys, BurpSuite, etc.

• Solid knowledge and understanding of containerized applications: Docker, OpenShift, Kubernetes, etc.

• Industry Certifications such as CISSP, CASP+, CISM, CISA, GCIH, CFCE, GCFA, and/or GCFE, or equivalent job experience.