Senior Technical Program Manager, Information Security Engineering

Job Description

Senior Technical Program Manager, Information Security Engineering (Vulnerability Management)

At Netflix we do one thing - entertainment - and we aim to do it really well. To accomplish this goal, we must produce, distribute, and stream content at a massive scale. We have a strong engineering organization that enables us to achieve these business objectives and a unique and creative culture that guides us to operate with ''Freedom and Responsibility''. This helps keep engineering velocity high, but also means that our security team needs to operate differently than a traditional security team. Employees have tremendous freedom in their work, along with the corresponding responsibility to do the right thing for Netflix. Instead of controlling engineers with process and security gates, we enable them to build secure code and provide them with adequate security context to make the right decisions for Netflix.

The Team

The Information Security Engineering Program Management team is a force multiplier for the Infosec organization; we partner closely with engineering teams across Netflix to deliver impactful and scalable security initiatives. The team is also a key driver for the success of Infosec's partnership program which aims at enabling our customers and stakeholders to meet their goals in a secure way. We collaborate with leaders inside and outside the Infosec organization to align on strategic goals and vision to further the security roadmaps for our partnering teams in a business-driven way. We then work with the right stakeholders to establish and drive initiatives that move the needle on this.

The Opportunity

You will own and drive our at-scale vulnerability management program across multiple stakeholders ranging from central engineering, studio leadership and teams, product managers, engineering managers, and developers. It is a great opportunity to help mature the security posture in the most rapidly growing parts of our business and gain intimate knowledge of Netflix's security products and services.

As part of the program ownership, the Vulnerability Management TPM will evolve and drive the vision of Vulnerability Management at Netflix. You'll be responsible for crafting and executing the overall program including quarterly roadmaps and working with numerous stakeholders, from across infosec and engineering, on how to reduce the risk from vulnerabilities across the Netflix ecosystem. You'll explore and solve vulnerability management challenges in a dynamic engineering environment that will expose you to the entire breadth of Netflix assets and technologies.

We are leaning into the ''T'' (Technical) for this role. By technical, we mean that the ideal candidate has a strong understanding of the vulnerability management space and the ability to gain a technical understanding of the different security domains across the program's lifecycle. Additionally, we will require the TPM to have both strategy and execution skills.

Desired Background
• You are passionate about leading by influence. This role requires advocating for change with a variety of teams in Netflix's unique culture.
• You have a demonstrated ability to establish a vision and to execute on it.
• You have excellent written and verbal communication skills, including clear articulation of business impact and technical constraints tailored to the audience.
• You are able to triage multiple initiatives to make a judgment to tackle the right problems at the right time.
• You have an ability to identify gaps in solutions, debate technical approaches and weigh-in on product vs technology tradeoffs.
• You have developed and driven security initiatives such as building platform wide authentication systems, authorization at scale, vulnerability management, etc.
• You have an understanding of technical foundations in identity and access management, cloud infrastructure security, third party risk or security in general.

Finally, here's a few more reasons why we love this work, and think that you will too:
• You will have the opportunity to facilitate impactful security work for the Netflix engineering ecosystem.
• You will be working with an industry leading security team with many opportunities to improve existing projects and identify new ones.
• You will have the opportunity to research new ideas and share them across the community.
• You enjoy learning and working closely with domain experts in diverse areas such as microservices architecture, data science and engineering, content delivery networks, and a production studio.

We are looking for thoughtful security professionals who enable our mission and support our culture of freedom and responsibility. You can learn more about life at Netflix by watching our security talks or exploring our open source work.

Jobcode: Reference SBJ-rez637-3-145-8-42-42 in your application.