Apply for this position

Manager, Security

A Cloud Guru

1 month ago

Job type: Full-time

Remote (USA Only)

Hiring from: USA Only

Category: DevOps / Sysadmin

The Manager, Security role


A Security, Manager provides technical, delivery and people leadership to the Security Team. This person has a big circle of influence with the Engineering and Product leaders as well as Customer Support as they drive application security and security operations forward. This role will define a Security Strategy for ACG and be instrumental in obtaining certifications ensuring compliance and regulations standards are met. 

Hello, we're A Cloud Guru

Our friends call us ACG.


A Cloud Guru was built by engineers for everyone, everywhere. Here, you’ll have the freedom to follow your curiosity. We’re not afraid to just try, because when you’re working with cutting edge technologies, experimentation and trying out new ideas have to be encouraged and celebrated. Our engineers are building the world’s largest (and most awesome) cloud learning platform. Why? Our mission is to teach the world to cloud. Our fun, practical courses have helped over 1.5 million people learn to cloud, and we’re just getting started.

We’re not a training company that just decided to sell training courses. We grew up out of the cloud ecosystem. We were a bunch of cloud engineers who pulled people together to create a training platform. That’s why we’re genuinely passionate about what we create. And we are known for practicing what we preach.

What makes the Product & Technology team awesome...

Learning to cloud means unlocking a world of possibilities for our students. Using the latest tech, we design the tools to teach people cloud faster and better. The team is talented (and a little quirky), and we’re all in it together.

  • Cutting-edge tech We’ve built a cloud-first Serverless Architecture with tools like Lambda, API Gateway, GraphQL, ReactJS, 
  • Founded by engineers Having a CEO who’s also an engineer is nice — he knows the effort it takes to make things awesome.
  • We don’t bite We’re friendly, down-to-earth, and collaborative. There are no high-performing jerks and no heroes. Just great teams.
  • Hungry and humble We’re dedicated to learning all the things to create the best product possible.

You'll do well at ACG if you're open to learning and trying new things, and you like to be surrounded by other friendly, passionate and driven people. –Natasja, Makeup Guru (and Software Developer)

As a Security, Manager at ACG, you’ll get to:
  • Define security policies, processes and controls
  • Evaluate internal technology risk processes as it relates to App Pentest, FOSS (Free and Open Source Software), SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing)  and provide process governance
  • Oversee regulations and compliance with industry standards such as GDPR, PCI, SOC 2, ISO27001, CCPA etc
  • Coordinate biweekly Security Council meetings, maintaining issue logs and follow-up on actionsIntegrate security tools, standards, and processes into the Product Development Cycle in collaboration with Engineering Managers
  • Integrate security tools, standards, and processes into the Product Development Cycle in collaboration with Engineering Managers
  • Manage the application security threat modeling process and coordinate application threat models against the ACG’s applications
  • Facilitate the resolution of incidents involving security concerns
  • Drive strong Agile delivery practices, with a focus on lean and systems thinking
  • Guide Security team engagements to champion security

We are looking for someone who can:

  • Develop and maintain a vision for the Security team that supports ACG’s strategic goals
  • Develop strategic security capabilities to support the evolution of our ACG platform while focusing on business and customer outcomes
  • Collaborate with senior Product & Engineering leaders, Legal, Customer Support and other departments to build and maintain application security initiatives and automation efforts
  • Provide oversight of the technical approaches and security tooling chosen by the team
  • Lead a team of highly technical security professionals, providing direction, coaching, mentoring and development to direct reports
  • Build and promote a culture of collaboration, learning, knowledge sharing and experimentation
  • Value individuals and embrace diversity by integrating differences and promoting diversity and inclusion across teams
What you bring to the table

We focus on hiring values aligned people, because we believe the right person can learn all the things to be successful in their role. Self-confidence plays a big part in what you apply for. We encourage all job applicants to apply even if they are nervous to do so. College degrees aren't required for any roles, and career gaps or switches are totally welcome.

  • CISSP (Certified Information Systems Security Professional) Certification
  • 4+ years experience leading App Sec & Sec Ops teams, uplifting technical capabilities of the team and delivering security projects
  • Experience developing governance and compliance policies and processes for Security in AWS
  • Experience with management of Application Security Vulnerabilities (as listed in OWASP Top 10), Security Testing methodologies and related tools
  • Experience with application security risk, cloud architectures (including AWS), application threat modeling and policy writing
  • Familiar with regulatory standards such as ISO27001, PCI, SOC 2, GDPR and CCPA
  • Good understanding of Agile Software Development Life Cycle and have experience integrating secure development practices into this model
  • Excellent communication, stakeholder management and organizational skills

We want the people who care about doing a good job. The ones who have the humility and hunger to learn. - Sam Kroonenburg, Co-Founder and CEO

More than a job

Where you work isn’t just a career decision -- it’s a life decision. We get it. That’s why we want all of our Gurus to feel a sense of belonging that comes from feeling supported in all areas of their lives. Everyone has family, friends and interests outside of their careers, so we offer perks and benefits to make work, work better for you.

  • 4 weeks PTO, plus 10 sick days, and holidays. Whether it's hiking to a waterfall in Costa Rica or bonding with your couch, we all need downtime. All Gurus get four weeks paid time off, 10 sick days, and enough holiday to make a banker blush.
  • Let's get lunch. Lunches are catered three times per week, and our kitchen stays stocked with a smorgasbord of the team’s most requested snacks and drinks.
  • Parking is on us. We have your Downtown parking covered. We offer paid garage parking nearby the office. We also have perks for going green by walking and taking public transit.
  • We’ve got you covered. We offer insurance plans that pay for 100% of your medical, dental, and vision, and 80% for your family/dependents.
  • Gender-neutral paid parental leave. Expanding your family? We offer 12 weeks of gender-neutral paid parental leave, and reimburse up to $10,000 for eligible adoption expenses.
  • $1,000 continuing education budget. All Gurus get $250 a quarter to spend on personal development, and 2 hours each week reserved for learning something new.
Remote where?

The A Cloud Guru team has grown a lot since it was just two brothers with a dream of teaching the world to cloud! We now employ gurus in 30 states of the USA as well as in Australia and the UK. For the time being that’s as far as we can go. We won’t bore you with the details, but setting up the extra operations we would need to employ people in new states or countries is a little bit more expensive than replicating your database in another AZ, if you know what we mean. So as much as we would love to have staff in as many countries as we have students, we are only opening this role to applicants in areas we currently have operations.

If you’re not sure if your US state is included, please still apply! We will let you know if you are in a state that we currently don’t have operations. If anything changes we will reach back out.

What’s the interview process like at ACG?

Applying for a job can feel intimidating and like a full-time job of its own. You shouldn’t have to burn through a week of sick time or all your best out-of-office excuses just to put feelers out for a new career opportunity. We want to be as transparent about the process as possible to help ease your mind. It’s our goal to provide you a fair, efficient interviewing experience that respects you and your time — and to do it all with a sidecar of delight.

Once you submit an application, we’ll review it. If you’re a good fit, you’ll have an initial chat with a recruiter over the phone. A phone interview with a manager typically follows. Depending on your role, you might then be asked to do a little homework (but nothing too time consuming). Then we’ll schedule a Zoom call to meet other members of the team, answer any questions you have, and give you a feel for what it’s really like to work at ACG. If you're on the fence, just give it a try.

Keep being awesome, Cloud Gurus.

Before you apply, please check if any restrictions apply in terms of time zone or country.

This job has a geo-restriction in place: USA Only.

Apply for this position

Please mention that you come from Remotive when applying for this job.

Does this job need an edit? 🙈

similar jobs

Remotive can help!

Not sure how to apply properly to this job? Watch our live webinar « 3 Mistakes to Avoid When Looking For A Remote Startup Job (And What To Do Instead) ».

Interested to chat with Remote workers? Join our community!