Application Security Senior Manager

Udemy | Posted 11-01-2022

Dublin (IT)

As a senior manager on the Privacy/Application Security team, you will be responsible for programs that implement the three A’s: Authentication, Authorization, and Accounting. This domain will include managing the privacy of user accounts on an enterprise scale, managing secrets, and managing service calls in a security-conscious environment. The projects will include new development work on data locality, PII vaults, and zero-trust architectures. We focus on improving code quality and making work easier for everyone.
How we work
Our teams have a high degree of autonomy to define their mission, vision, strategy and select and prioritise the projects to work on in order to deliver the business results to our customers.
Our team members come from various backgrounds and we strongly believe that diversity, open-mindedness, and good communication yield the best results. We work collaboratively and cross-functionally, taking ownership of doing the right things and getting them done. We are looking for someone to join the team who has demonstrable experience in some of the areas listed below and a desire to learn and master anything else that comes their way - we are a learning company after all!

Key Responsibilities

    • Build and manage teams dedicated to Privacy and Security
    • Work with internal stakeholders to determine priorities for privacy and security concerns.
    • Review technical designs and code-review the work of other groups to ensure that security, privacy, authorization, and application security concerns are adequately managed for proposed and in-flight projects.
    • Participate in security incident responses when needed.
    • Plan, organize, and complete work within agile sprints using common DevOps guidelines, with a heavy focus on testing, CI/CD, and automated monitoring.
    • Grow and nourish a team culture that values openness, inclusiveness, respect, quality, robustness, scalability, and humility while fostering innovation.
    • Share related knowledge with the members of the wider engineering team through training and internal blogging.

Core competencies

    • Minimum four years of experience with web application technologies including HTTP, HTML, CSS, and JavaScript
    • Minimum two years of experience with object-oriented languages (Java or Kotlin), ideally scripting languages like Python, Ruby, or PHP.
    • Experience operating in public cloud environments (e.g., AWS, GCP, Azure).(do we require this?)
    • Knowledge of networking protocols (TCP/IP, DNS, HTTP/TLS)
    • Good knowledge of website security, such as headers, cookies, CORS, XSS, etc.
    • Good understanding of authentication technologies such as OAuth, SAML, OIDC, JWT
    • Strong technical communication skills
    • Knowledge of object-oriented software design patterns and computer science fundamentals (e.g. data structures, algorithms) T
    • Testing methods, including unit and end-to-end tests

Nice to have

    • Familiarity with practices around GDPR, CCPA, PIPL
    • Experience with modern Javascript frameworks (e.g., React, Angular, Vue, NodeJS, NextJS, etc.).
    • Experience with microservices, Istio or other service mesh architectures.
    • Experience with Kubernetes, Docker or other containerization technologies.
    • Understanding of any security-related compliance practices such as SOX, SOC-2, PCI, ISO 27001, HITECH, HITRUST.
    • Good understanding of each OWASP top 10 vulnerability
    • Experience with hacking, pentesting, and offensive security tools (e.g., Burp Suite, Kali Linux, Nmap, Ghidra, IDA Pro, John the Ripper, Metasploit, Frida)
    • Experience with defensive tools (Any WAF, any SIEM, any security-oriented log analysis).
    • Contributions to open source projects
What are some of the benefits of working at Udemy?
Best in class employee training and onboarding Annual education allowance with unlimited access to the Udemy learning platform Pension Health Insurance Dental plan Life Assurance (x4 times your annual salary) Long term illness cover Free breakfast and lunch catered on-site 25 days holidays plus additional company discretionary days Flexible working hours (agreed with your manager) Gym discounts An amazing culture of always learning and supporting each other UBelong programs to foster inclusivity and being your authentic self at work We have 38 different nationalities in our Dublin office alone And lots more
About Udemy
We believe anyone can build the life they imagine through online learning. Today, millions of students around the world are advancing their careers and passions by exploring and mastering new skills on Udemy, and expert instructors are able to share their knowledge with the world. Through our global marketplace and our solutions for businesses and governments, we connect people everywhere with the skills they need for success in work and life. We’re a close-knit bunch that enjoys problem-solving and collaboration, and we share a serious belief in the power of learning and teaching to change lives. Udemy’s culture encourages innovation, creativity, passion, and teamwork. We also celebrate our milestones and support each other every day.
Founded in 2010, Udemy is publicly traded and headquartered in San Francisco’s SOMA neighborhood with offices in Denver (Colorado), Dublin (Ireland), Ankara (Turkey), Gurugram (India), and São Paulo (Brazil).
Udemy in the News
Udemy Adds More than $1 Billion To Its Valuation in New Funding Round Udemy’s Workplace Learning Tool Just Surpassed $100M in ARR Paid Paternity Leave Should be the Norm in the U.S. Breakdown of Most In-Demand Skills for 2020—Finance, Marketing, Sales and Engineering How Investing in Yourself Today Will Set You Up for Career Success Tomorrow Feedback Isn’t the Problem, but the Way That We Deliver It Is Broken