Staff Product Security Architect

Staff Product Security Architect

As a Staff Security Architect at Fastly you will help ensure we provide a secure edge for one of the biggest online platforms in the world, handling extensive amounts of traffic at very low latency. Fastly's Security Architecture Team fosters security throughout all areas of Fastly's applications and infrastructure. Fastly believes that security is everyone's responsibility and you will be empowering all of Fastly to live up to that responsibility. Qualified candidates will excel at analyzing the design of our software and implementations, and will show an aptitude for discovering complex security issues.

This position will ideally be based in any of our following locations: New York, Denver, San Francisco, Los Angeles. We are willing to consider highly qualified remote candidates in other parts of the US.

This is a role which has a high impact on human lives. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You'll make sure our customers benefit from a service built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

What You'll Do

In this role, you will enhance the security of Fastly's network, infrastructure and security products by working closely with engineering and product teams to integrate security into the design and development of Fastly products.

• Perform secure architecture and design reviews of cloud-based products (CDN, Web Application Firewall, Bot detection) and collaborate with engineering and product teams to integrate secure-by-design principles into engineering builds.

• Conduct thorough security assessments of products developed by our network, infrastructure and security product lines to identify security threats to Fastly and define tactical and strategic mitigation plans to assist with remediation.

• Develop and implement robust security protocols and best practices to protect against security threats.

• Perform secure code and configuration reviews as part of the product development lifecycle and provide recommendations that strengthen Fastly's security posture.

• Influence product design paradigms to incorporate security best practices and drive requirements for security into the release cycle.

• Maintain a clear view of the overall product development roadmap and associated product lifecycle to ensure security is appropriately incorporated throughout.

• Become a domain expert in the content delivery network (CDN), infrastructure and security products and represent that knowledge with prospects, customers, and auditors.

• Research and understand new threats and attack vectors that impact Fastly and work with product owners to design appropriate prevention, detection and remediation initiatives.

• Involvement in Fastly's Secure SDLC, focusing on both collaborative hands-on design work and training initiatives across the company.

• Influence Fastly's security strategy by leveraging the collective strength of the security team and articulating the capabilities needed to effectively manage cyber threats.

What We're Looking For

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess most of the following and an interest in learning more about the rest:

• 7+ years of relevant experience and a Bachelor's degree in Computer Science or equivalent.

• Proven experience in securing multi-tenant general compute services, reverse proxies, cache servers, web application firewalls, Bot technologies and modern APIs.

• Extensive experience performing threat modeling, secure code reviews and designing controls to mitigate security threats for new and existing cloud-based products. Bonus for experience with security specific cloud products.

• Deep understanding of certificate authorities, digital certificates, public key infrastructure and how they operate in a client - server environment.

• Strong understanding of bot detection techniques, including CAPTCHA, rate limiting and behavioral analysis and hands-on experience securing bot detection technologies.

• Strong understanding of web application firewalls and hands-on experience securing WAF solutions and technologies, including rule-based and machine learning based approaches.

• Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation.

• Deep understanding of common web based vulnerabilities

• Working knowledge of authorization, authentication and encryption strategies.

• Strong grasp at all layers of the information security stack including hands-on security engineering.

• Strong analytical and problem-solving skills, with the ability to analyze complex security issues and recommend effective solutions.

• Excellent communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.

Work Hours

This position will require you to be available during core North American business hours.

Work Locations & Travel Requirements:

This position is open to both hybrid and remote locations.

The preferred locations for this position are:

• San Francisco, CA
• Denver, CO
• New York, NY

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.

We are willing to consider remote candidates in the United States.

This position may require travel as required by your role or requested by your manager.

Salary:

The estimated salary range for this position is $211,370 to $264,220.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly's equity and discretionary bonus programs.

Benefits:

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings?

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a Flexible Vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2024, we offer 10 paid local holidays, 11 paid company wellness days.