Distinguished Security Engineer Jobs

Location Details:

At GoDaddy the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely.

This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or offsites.

This position is not eligible to be performed in Alaska, Colorado, Mississippi, North Dakota, or the Virgin Islands.

What you'll get to do...

A Distinguished Security Engineer in GoDaddy's Information Security division, leads all aspects in driving and establishing our multi-year security strategy, integrating security into our business units across our company. This role has core accountability in driving vital initiatives, as we integrate security into our Software Development Process, end-to-end, within GoDaddy’s Commerce business division.

• Coordinate enterprise security strategy to integrate security capabilities into software/system development lifecycle to support the business
• Operationalize Design Reviews, SAST, DAST and other capabilities required to scale security reviews across the organization
• Implement agile, business coordinated security certification program to enable business while ensuring security is a core part of product design and development
• Partner internally and externally with our audit teams to drive gap assessments, cyber security and other audit requirements to support the organization
• Identify security standards and requirements for embracing new and emerging technologies and platforms
• Assess offensive security capabilities required to pro-actively assess security posture of systems and drive remediation
• Operationalize continuous testing and validation of security controls
• Collaborate with business partners to define and prioritize security initiatives and investments
• Drive program management activities required to establish effective delivery and execution of SSDLC activities
• Partner with business collaborators to help define and prioritize security initiatives and investments
• Develop, coach, and mentor a team of engineers and growth leaders, while coordinating closely with product/program managers, other engineering leaders and business partners
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities
• Establish dedicated cyber security capabilities required to ensure security of GoDaddy’s commerce solutions, including, but not limited to security of payment systems, infrastructure, and devices
• Partner closely with Finance, Operation, IT, executive management, and key product leaders to build a shared vision

Your experience should include...

• Able to build and secure payment systems and platforms
• Experience driving and supporting security audits and certifications including PCI DSS, PCI PTS and SOC 2
• A mentor and leader to other managers and security engineers, while building and maintaining high agility and high morale
• Knowledgeable in threat modeling or other risk identification techniques, and risk management
• Excellent written and verbal technical communication with an ability to present sophisticated technical information in a clear and concise manner to a variety of audiences
• Owned project delivery for large, multi-functional projects with evolving requirements
• Familiar with a fast-paced environment with minimal process and maximum efficiency
• Validated experience architecting and securely deploying large scale systems in public cloud (AWS) infrastructure
• Ability to lead and perform offensive security testing including penetration testing and red team exercises
• Prior experience defining security strategy, goals and targets
• 10+ years’ validated experience in cyber security engineering with focus on secure design and development
• Expertise in applied cryptography, hardware security modules (HSM) with understanding of FIPS 140 requirements and standards for cryptography modules that include both hardware and software components
• Experience in security across the payments industry
• Confirmed experience integrating security capabilities into business units to drive and address business specific challenges
• Hands on expertise in hardware and device security including, trusted computing, trusted execution environment, tamper detection and response, etc

You might also have...

• Master’s in information security
• Bachelor’s degree in information security, Computer Science or related field
• Strong project management experience desired for working on multi-functional projects

We've got your back... Enjoy our many benefits (My Wallet), which may vary depending on role and tenure, including paid time off, 401k, bonus eligibility, equity grants and parental leave. Join one of our employee resource groups (Culture). Once approved, continue to have a side hustle if you have one (we love entrepreneurs, remember?). Most importantly, come as you are and make your own way.

About us... GoDaddy is empowering everyday entrepreneurs around the world by providing all of the help and tools to succeed online. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights and the people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us (https://aboutus.godaddy.net/about-us/overview/default.aspx.)

GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, creed, sex, sexual orientation, gender, gender identity or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.

If you need help completing an application for a position with GoDaddy, please reach out to our Recruiting Team at [email protected].

GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.