Product Security Architect (Compliance)

Are you energized by the opportunity to bridge SaaS engineering and pragmatic security practices? Are you passionate about both sharing your technical talents and amplifying others? We are looking for a hands-on, highly collaborative Security Architect to design and champion security best-practices directly adjacent to our Mandiant Engineering organization.

As a part of the DevOps, Delivery, and Platform (DDP) team, Security Engineering supports Application Security, System Architecture, Compliance Enablement, and Secure SDLC practices for Mandiant Product Engineering. In support of Mandiant’s broad Security function, Security Engineering embeds within and directly enables product engineering teams to deliver mission-critical, highly secure SaaS capabilities at both speed and scale. We believe effective security begins with providing secure solutions to key engineering requirements and technical partnership via guardrails not roadblocks. Our team securely enables the business by collaborative source code and architecture reviews, turn-key engineering solutions, and streamlining both security testing and compliance-related activities.

What You Will Do:

• Foster and evangelize security culture across diverse and fast-paced engineering teams with technical credibility, personal empathy, and service
• Develop and support security-focused engineering capabilities, including static application security testing, software supply chain management, and CICD platform tooling
• Conduct technical compliance assessments of controls for in-scope systems, including remediation assessments and audit-readiness assessments
• Partner with Product teams, advising both on applicable control requirements and potential solutions to address them
• Identify control deficiencies and maintain records of deficiency details including management response documentation and exposure check evidence
• Drive remediation activities with stakeholders, including developing remediation plans, tracking, and reporting remediation progress
• Support evidence collection and documentation for internal and external audits
• Stay up to date and proactively informed on developing regulatory concerns and evolving compliance controls, in practice and technical solutions

Minimum Requirements:

• 5 years of Information Security leadership, with demonstrated experience across multiple domains, e.g., Application, Cloud, Product Security
• Software development experience, particularly with SaaS full-stack architecture
• Dynamic technical leadership acumen, both cross-functionally and directly supporting highly technical staff
• Project management experience, including direct teams and external partners
• US Citizenship required due to the nature of the work

Additional Qualifications:

• You foster credibility and collaboration with technical stakeholders by mapping security control requirements to practical solutions for various technologies
• You are biased to action at speed, comfortable with ambiguity, and able to distill complexity to clarity across varied technical disciplines
• You recognize the magic of facilitating people with diverse talents, perspectives, and technical backgrounds in accomplishing great things together

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Minimum Salary: $160,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.

• 
  Disclosure as required by sb19-085 (8-5-20)