Senior Technical Program Manager, Information Security Engineering Program Management
Los Gatos, CA
At Netflix we do one thing - entertainment - and we aim to do it really well. To accomplish this goal, we must produce, distribute, and stream content at massive scale. Many customers think about Netflix as a single piece of streaming software, but in reality we require thousands of services working in tandem to get content from the mind of our creative partners to the devices where members enjoy that content.
We aim to build software that is secure by default so that software engineers do not need to become security experts to protect their systems. Application Security Engineering's approach is to guide developers towards simple, self-service solutions that meaningfully reduce security risk for software they create. Our team's systems serve thousands of applications and developers, so we focus on automated and scalable approaches that eliminate bug classes and make default configurations secure.
This year, we are focused on significantly scaling up our approach to automated vulnerability management. For this role, we are looking for somebody to help build out our approach to effectively address vulnerabilities in rapidly growing parts of our business.
Netflix's culture is different from other companies and this influences our approach to security:
• We avoid rules. The Netflix Security team does not typically issue mandates or block releases.
• We encourage independent decision-making by employees. Service developers own every aspect of their application, including security. It is the security team's job to advise them.
• Strong software engineer comfortable in Python
• Prior large-scale vulnerability management experience preferred
• Energized by a diverse and constantly evolving environment
• Enjoys opportunities to learn new skills
• Effective communicator
• Comfortable coordinating complex projects
For more information about Application Security at Netflix see these resources:
• Astha Singhal's Netflix Tech Blog post about how we scale application security at Netflix.
• Bryan Payne's blog post about how we practice security effectively in a culture that aims to avoid security gates and unnecessary processes.
• Aladdin Almubayed's 2019 BlackHat talk about how we approach third-party vulnerability management.
• The Netflix Security YouTube Channel contains videos from talks Netflixers have given about various security topics.