What are we looking for?
We are looking for a security thought leader who is passionate about application security: an experienced practitioner, not a theorist, who will lead our development teams through the adoption of security best practices and evangelize security. The ideal candidate has several years of development experience building systems/apps and has since moved into application security.
Success in this role is demonstrated by the following attributes and skills:
Deep understanding of the security requirements lifecycle process and software development lifecycle (SDLC)
Strong working knowledge of Atlassian Stack, .Net Core, Microsoft Azure, SQL Server, GitHub, and Kubernetes
Experience developing and authoring application security architectures, standards, and guidelines
Experience communicating application security requirements and risk to IT teams and business partners
Experience reviewing application design, software framework, and infrastructure to identify risks. Capable of assessing underlying components (e.g., databases, servers), configuration, and security access controls
Experience with static code scan tools (e.g., Fortify, Checkmarx), dynamic scanning tools (e.g., Rapid7, WhiteHat Sentinel, Burp, Qualys), IAST (e.g., Contrast), and software composition tools (e.g., SourceClear, WhiteSource, Black Duck)
Experience working in an agile environment
Knowledgeable about industry frameworks and best practices (e.g., NIST CSF, OWASP ASVS, SANS/CWE Top 25, CIS Benchmarks)
Experience integrating security engineering automation tools into the CI/CD pipeline
To fulfill this role successfully, you should possess the following qualifications and experience:
BA/BS Bachelor's Degree or an Associate's Degree plus ten (7-10) years of SaaS experience. MA/MS Master's Degree in Information Technology, Computer Science or Software Engineering preferred
Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH) Certifications
CVEs or active participation in Bug Bounty programs
Active participation in cybersecurity forums/conventions, e.g., OWASP, Black Hat, BSides, DEF CON. Public speaking is a plus.
ServiceTitan is a mobile, cloud-based software platform that helps home services companies streamline operations, improve customer service, and grow their business. ServiceTitan's end-to-end solution for the multi-billion dollar residential home services industry includes CRM, intelligent dispatch, custom reporting, marketing automation, mobile solution for field techs, and accounting integration with Intacct and QuickBooks. ServiceTitan brings a fully operational modern SaaS infrastructure to an industry traditionally underserved by software. ServiceTitan is the preferred software for hundreds of the world's most successful plumbing, HVAC, and electrical companies. For more information about ServiceTitan, visit www.ServiceTitan.com.
Los Angeles Business Journal Best Places to Work, 2018
Los Angeles Business Journal Top 100 Fastest Growing Private Company, 2018
Deloitte Fast 500, 2018
Inc 5000 - Best Workplaces, 2018
Inc. 5000 America's Fastest Growing Companies, 2018
Glassdoor/Battery Ventures Highest Rated Cloud Computing Companies, 2018
Mogul Top 1000 Companies Worldwide for Millennial Women, 2018
Forbes - Next Billion-Dollar Startup List, 2017