- Job Type: Full-Time
- Function: IT
- Industry: Cloud Infrastructure
- Post Date: 02/19/2021
- Website: rapidapi.com
- Company Address: San Francisco
About RapidAPIRapidAPI is the world’s largest API marketplace where over half a million developers find and connect to thousands of public APIs. Rapid API allows developers to easily discover, evaluate, integrate with any API and reduce development cost and create a more stable, efficient, in addition to a scalable development process
RapidAPI is the world’s largest API marketplace and the company that is building the next-generation API platform. We enable developers and businesses to easily discover, test, and connect to any API, making it easier to create new software and services more rapidly. Funded by Andreessen Horowitz and Microsoft Ventures (M12), RapidAPI is experiencing rapid growth, fueled by an increase in the number of developers and companies using our platform. RapidAPI is used by millions of developers around the world and offers more than 20,000 APIs on the marketplace.
- RapidAPI is growing. We’re growing our developer community (over 2 million globally), we’re growing our monthly number of API calls (over 500 billion), and extensively growing our customer base in heavily regulated and data-sensitive sectors. To ensure our continued success you must be able to help us define, develop, and implement an Information Security Management and Operations Program for the SaaS sector we are defining.
- Information Security Management: Take ownership to ensure our technology stack for both production and internal systems meet the requirements defined in our ISMS policy manual and that the configurations maintain an appropriately robust security posture.
- Security Incidents: Make sure security issues are analyzed, appropriately categorized, and that actions are clearly defined and implemented.
- Vendor/Subcontractor Management: Whenever we change our operational processes, ensure that internal business partners implement appropriate controls to minimize security risks.
- Technology Implementation: Ensure new technology and/or cloud solutions are configured in a manner to ensure the integrity of our Information Security posture.
- Thought Leadership: Take a forward-looking view of technology changes that we might want to adopt, ensuring that we fully understand the security and privacy issues that apply to that technology before we invest significant time and capital into a technology that weakens our security posture.
- Architecture Review: Identify issues with our own infrastructure, IaaS implementation, and code prior to the independent quarterly penetration and vulnerability testing.
- Investigations: Investigate security breaches, verify ramifications, and initiate appropriate actions to resolve the breach and when necessary, develop a communications plan in the event that we are required to notify customers or regulators of the breach.
Continuous Improvement: Define and implement security applications, technologies, and practices to improve our security posture.
- CISSP: Certified Informations Systems Security Professional designation
- Driven the implementation of security applications, technologies, and practices to improve a company’s security posture.
- Created new security technology approaches at a previous company and implemented next-generation solutions for cloud security, identity and access management, email security, data loss prevention, vulnerability management, and threat intelligence.
- Worked with business partners to design and implement information security technical controls to address data risks, control gaps, and emerging threats.
- Diligent ownership of the testing security measures, including OS patches, system hardening, IaaS service infrastructure, and application configurations.
- Performed network and application technical vulnerability assessments using vulnerability assessment tools. Utilize penetration testing skills to conduct analyses to gather deeper situational awareness and provide greater security insight into our architecture and application security.
- Advanced the IaaS security architecture definition by driving the implementation of an agreed-upon security architecture across the service, developing and deploying real-time or near real-time analytics and alerting system (SIEM). Ensured that all relevant teams are appraised of the issues as they surface.
- Organized and managed the investigations of reported security breaches, determined what went wrong, generated plans to avoid repeats of the same crisis, and assisted in implementing the plan.
- Engaged with the business on the overall business technology roadmap, utilizing your knowledge of security technology and systems to help craft the future vision.