Engineering Manager, Application Security

There is only one Data Cloud. Snowflake’s founders started from scratch and designed a data platform built for the cloud that is effective, affordable, and accessible to all data users. But it didn’t stop there. They engineered Snowflake to power the Data Cloud, where thousands of organizations unlock the value of their data with near-unlimited scale, concurrency, and performance. This is our vision: a world with endless insights to tackle the challenges and opportunities of today and reveal the possibilities of tomorrow.

At Snowflake, every engineer owns the security of the code they produce. The Product Security team equips engineers with the right knowledge, tools, testing and support, at the right time, to create secure designs and implementations every single day.

Snowflake Engineers are our customers, and our priority is making them successful by helping them ship securely and quickly while working together to make everything secure-by-default.

As the leader of the Application Security Assurance team, you will be responsible for establishing and executing the team roadmap, guided always by our extreme commitment to developer-driven security. The majority of your team’s projects will focus on increasing developer autonomy through automated tooling, automated security policy violations detection, and using data to drive security outcomes. The team also provides direct support for development projects with high security risk or business impact, so success depends on our ability to engage proactively with teams to set clear and relevant security requirements as early as possible.

Our ideal candidate wakes up every day thinking about ways to scale security. Their goal is to lower risk while letting the business move quickly and safely. They believe Security should be an inherent property of the tools and processes engineers use every day. They have a “builder” mindset and can communicate to engineering teams with credibility and empathy.

RESPONSIBILITIES: 

• Hire, develop, and manage a team of security engineers while providing technical vision and direction for the team
• Provide world-class security engineering and consulting services to identify risks and solve security challenges at scale
• Support scalable risk assessments and threat models through developer self-service
• Directly support high impact projects with expert guidance on secure architecture, design, and implementation
• Manage the Security Partner program to create distributed security ownership and expertise
• Deploy and manage security automation tools, including SAST, DAST, and SCA, to catch security bugs early and provide actionable feedback to developers
• Design, plan, and execute projects which identify security requirements, promote the use of secure defaults, and verify the security of implementations

MINIMUM QUALIFICATIONS:

• 7+ years working hands-on in an information security or software engineering discipline
• 3+ years experience managing a security or software engineering team
• Expert understanding of software security architecture and design, threat modeling, code review, SDLC best practices, and mitigations for common application security issues
• Strong grasp of software development processes including prototyping, writing and testing code, peer reviews to maintain code quality, automated test and deploy pipelines, and production support
• Development experience in programming languages like Java, JavaScript, Python, C/C++, Golang
• Knowledge of modern security testing tools and techniques
• Understanding of current cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
• Demonstrated ability to collaborate with other teams to achieve complex objectives
• Excellent organizational, communication, and leadership skills

PREFERRED QUALIFICATIONS:

• Previous experience leading an application security program, with a clear vision for how to measure effectiveness and improve over time
• Expert understanding in security for one or more public cloud provider: AWS, Azure, GCP
• Prior experience working in a high growth, cloud native technology company
• Familiarity with cybersecurity, privacy, and compliance frameworks
• Ability to write SQL queries and build dashboards, metrics, and reports to drive security outcomes
• Have read and are capable of implementing ideas from “Site Reliability Engineering” and “Building Secure & Reliable Systems”

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake. 

How do you want to make your impact?