Head Of Devops, Appsec, Cloud Security, Data Security

Jefferies is a leading global financial services company that is committed to delivering cutting-edge information security solutions to safeguard our organization's digital assets and protect our client's data. We are seeking a highly skilled and experienced professional to join our team as Senior Vice President, Head of DevOps, Application Security, Cloud Security & Data Security. This critical leadership role will report directly to the Chief Information Security Officer (CISO) and play a pivotal role in shaping the information security strategy and engineering direction for our organization.

The candidate must be highly technical and adaptable to the rapid pace of financial services development and delivery.  Candidate needs to be an excellent team player with good overall technical and communication skills and above all be self-motivated and drive the overall progress of the security program at Jefferies.

We look to hire people who are comfortable in working with minimal supervision as part of a team that has consistently delivers ground-breaking and innovative solutions in one of the most exciting and fast-moving areas of the financial markets vertical. We need people who can prioritize and effectively communicate complex issues within all levels of the organization.

Key Responsibilities:

In this role, you will be responsible for overseeing and leading a team of engineers across multiple domains including AWS & Azure Cloud Security, DevOps Engineering, Application Security and Splunk Enterprise (SIEM). Your role will encompass a wide range of strategic, managerial, and technical responsibilities, including but not limited to: 

Technical Leadership and Strategy:

• Provide strategic guidance and direction for the architecture and engineering of multiple high-performing teams across diverse domains.
• Drive the vision and direction of security solutions through active participation in the information security market through involvement with vendors, conferences, connecting with peers for all the firms' various key technologies.
• Conduct in-depth technical vendor security reviews for all SaaS solutions integrated into the organization's technology stack to ensure proactive security measures from vendors.
• Vendor Management and Cost Optimization by effectively managing contract negotiations and budgets for all vendor products under the umbrella of products.

Team Leadership and Supervision:

• Lead, supervise and inspire a team of 7+ direct and 8+ indirect engineers across multiple key areas, including AWS Cloud Security, DevOps Engineering, Application Security, Splunk Enterprise (SIEM), Network Segmentation, and other areas/teams as assigned. 

Engineering and Architecture:

• Innovate, architect, develop, and deploy cutting-edge security solutions to provide next generation security solutions aHead of the curve.
• Deep technical experience in all domains that you will be managing is required in order to provide tier III support as necessary to all engineers within your team. 
• Work independently and as part of a team to urgently analyze and troubleshoot escalated issues from Tier II, train and provide technical training to Tier I & II engineers
• Efficiently troubleshoot/prioritize issues and create a culture of root cause analysis.
• Drive overall strategy and implementation of Cloud Security processes, procedure, governance through a combination of preventive and reactive controls and policies in a multi-cloud environment.
• Work closely with application teams, Cloud Engineering and other infrastructure teams to support and implement security at every level within the firm.

Required Background:

• Previous experience with implementation of next generation DevSecOps including Kubernetes, automated functional testing and release management including Mature application security program including SAST, DAST and shifting left
• Deep technical hands-on experience and management of AWS and/or Azure IaaS/PaaS services including defining and enforcing preventative and detective guardrails for all IaaS, PaaS, SaaS, and FaaS environments; including shift-left
• Experience with deploying, managing, and administrating specific products such as Splunk Enterprise Security, Terraform, CloudFormation, Atlassian, GitHub Enterprise, Snyk, jFrog, Palo Alto Networks Prisma Cloud, etc.
• Experience managing and supporting critical Developer infrastructure and secure SDLC
• Depp understanding of Application Security principles, SAST, DAST and web application vulnerabilities such as OWASP Top 10, their risk and remediations
• Experience preparing detailed architecture, and design documents.
• Manage multiple projects simultaneously and can adapt to changing business needs.
• Work well with cross functional global and remote teams.
• Self-disciplined, self-starter who can provide leadership and mentor others while resolving complex incidents and delivering projects.
• Ability to analyze complex problems, propose effective solutions and understand and apply business vision and direction.
• Ability and willingness to learn new things in a fast-paced environment.

Desirable Skills:

• Familiarity with NIST CSF and Cloud Security Alliance CCM frameworks
• Deep technical experience with technologies such as Networking, DNS, WAF, GSLB, SASE, NDR, CNAPP, CSPM, DevOps, Windows Servers/Unix, etc a big plus
• Scripting skills including Python, PowerShell, or REST

The salary range for this role is $175,000-$250,000