Senior Application Security Manager - Denver, CO

Denver, CO
Engineering – SRE
Full-time
Quizlet’s mission is to help students (and their teachers) practice and master whatever they are learning. Every month more than 50 million active learners from 130 countries practice and master more than 300 million study sets on every conceivable topic and subject. We are developing new learning experiences by modeling how students learn and drawing upon knowledge acquisition, retention, and pedagogy in cognitive science. We are always seeking to help students master any subject by optimizing study efficiency and engagement.

Quizlet’s Sr. Application Security Manager is responsible for protecting Quizlet and protecting Quizlet’s users by ensuring the Confidentiality, Integrity, and availability of Quizlet’s digital assets (CIA). Digital assets are the users’ data, partner data, and intellectual property as contained within or accessible by Quizlet’s Corporate and Product technological footprints. Digital assets are confidential when they are accessible (read or write) only to authorized parties, either users or employees. Digital assets have integrity when confidence is high that assets as read to an authorized party are exactly as written by an authorized party. Digital assets are available when they are accessible to all authorized parties within an agreed upon SLO, and when innovation (product or corporate) related to such access can occur within an agreed upon SLO.

Quizlet’s Sr. Application Security Manager is expected to meet these responsibilities:

    • Partner and align with stakeholders to drive tradeoff decisions among technical risks and business velocity.
    • Drive technical implementation by directly implementing mitigations, coordinating implementation of mitigations with other teams, and providing primitives to other team to enable their development to be secure by default.  
    • Own & curate a technical security roadmap and guide our vulnerability assessment, management, and remediation programs.
    • Partner with stakeholders to provide security visibility into application security across all of engineering.  
    • Foster a company-wide security culture through training and socialization of best practices. 
    • Own and support policies and procedures pertaining to the security of digital assets.
    • Align with established Behavioral Norms for all engineering managers.
    • Align with established Roles and Responsibilities for product engineering managers, and call out when those Roles and Responsibilities don’t align with security needs.

Required Qualifications

    • 4+ years experience as owner of a security program or team(s) in a technology company
    • 4+ years experience in application security
    • 2+ years experience in software engineering
    • Growing and managing teams, coaching and developing engineers.
    • Knowledge of web application security principles with significant understanding of application security topics such as OWASP Top 10 and authentication infrastructure (SAML, OAUTH).
    • Ability to interpret static & dynamic analysis tools, as well as results from vulnerability assessments and penetration tests in order to describe issues and guide appropriate remediations to non-security experts.
    • Collaborating and building strong working relationships with internal stakeholder teams.
    • Explain technical concepts clearly and concisely to engineers and non-engineers
    • Organizational and project management skills.

Preferred Qualifications

    • Owning, building and scaling a well rounded, technical security program.
    • Experience with Javascript, Hack, Python, Go, and Ruby.
    • Ability to build tools and internal applications to automate the discovery, evaluation and help lead to the mitigation of security vulnerabilities during development and in production.
    • Working within one or more public cloud providers (GCP, AWS, Azure, Alibaba).Experience in a UGC (user generated content) environment
    • Authoring or contributing to technical security documentation and policies.
We hope you are excited about everything you read so far. We highly encourage you to apply for this position, even if you feel you do not meet all the requirements. Quizlet is always looking for amazing folks that believe in our mission and can contribute to our team in various ways - not merely candidates that fit a certain mold.

Quizlet's Team Culture

We are here to make education better and more accessible. We strive to improve the lives of students and teachers at every stage and in every setting. We have a bias for action, take initiative, and hustle to deliver results. We make informed decisions whenever possible but are unafraid to take calculated risks on great ideas to promote learning. We embrace challenges and see effort as the path to mastery. We’re constantly seeking opportunities to learn and we embrace curiosity. Quality matters at Quizlet, and we hold the bar high on everything we do. We sweat the details and take personal accountability and pride in anything that carries the Quizlet name. We speak up, jump in and work with each other to fix problems, and never say "that's not my job." We treat each other with honesty and respect, encourage vigorous debate, and seek critical feedback. We value diversity, humility, transparency, and collaboration as the best paths to our success — as individuals, as a team, and as a company.

Quizlet’s success as an online learning community depends on a strong commitment to diversity, equity and inclusion. We are actively working to build a team that is representative of the diverse communities we serve, and an open, inclusive work environment where all employees can thrive. As an equal opportunity employer and a tech company committed to societal change, we welcome applicants from all backgrounds. Women, people of color, members of the LGBTQ+ community, individuals with disabilities, and veterans are strongly encouraged to apply. Come join us!