Director of Security

NEXT’s mission is to help entrepreneurs thrive. We’re doing that by building the only technology-led, full-stack provider of small business insurance in the industry, taking on the entire value chain and transforming the customer experience.

Simply put, wherever you find small businesses, you’ll find NEXT.

Since 2016, we’ve helped hundreds of thousands of small business customers across the United States get fast, customized and affordable coverage. We’re backed by industry leaders in insurance and tech, and we still have room to grow — that’s where you come in.

We are looking for a Director of Product Security who will lead our product security group at Next Insurance. You will be reporting to our VP, Chief Security Officer, and will be at the forefront of the security work, guiding our secure development practices and application security across all products and services.

As a leader, you will be a driving force in maturing the company's security strategy and vision, with cloud and application security, architecture, SDLC, security operations, and technology frameworks. Additionally, you will work hand-in-hand with stakeholders across the business to enable secure development and operational excellence of our infrastructure, services, and products.

Responsibilities:

• Lead and manage security engineering and security operations teams that are responsible for ensuring the security of our products, platforms, and cloud infrastructure.
• Be the product’s security thought leader. Learn from the various product teams and educate in both directions. Be recognized as the clear point of escalation and subject matter expert for the cyber security domains.
• Provide strategic direction, building, and managing security roadmap including security architecture, pen testing and bug bounty programs, SDLC and threat modeling, configuration management and hardening, vulnerability management, and Product Security Incident Response (PSIRT).
• Engage and collaborate with leaders and teams across infrastructure, engineering, operations, product development, and legal to integrate compliance and security principles throughout the product lifecycle
• Managing emerging issues and threats. Proactively monitor metrics and risk Indicators to ensure issues are identified, quantified, communicated, and managed on time, including guidance and recommendations for resolution of key challenges.
• Cultivate and oversee the group’s talent that champions curiosity, research, experimentation, innovation, and above all the opportunity to learn and grow.

Requirements:

• 8+ years of relevant information security experience. In addition, 4+ years of experience leading security teams or groups preferably in SaaS companies
• Experience architecting, leading, and driving the adoption of security solutions and platforms into production environments
• Demonstrable experience in the area of managing/assessing technical risk across a broad range of architectures at a senior level, including hands-on experience leading, designing, and delivering secure solutions.
• Proven hands-on experience and technical depth in one or more technology areas, including Cloud security, Data security, Platform security, Security Analytics, AuthN/AuthZ Management, or Application Security.
• Experience conducting architecture/code reviews to find and evaluate application and infrastructure security risks
• Experience leading a security team, developing controls for public cloud environment: Amazon Web Services (AWS), Google Cloud Platform (GCP).
• Technical expertise in a public cloud, Microservices, CICD/SDLC, Machine Learning, encryption, API architecture, and secure designs.
• Experience in one or more modern programming languages (Rust, Java, Python, etc.)