Product Security Manager

Job description

Our mission is to defend human rights and democracy through building software that is essential for digital freedom and privacy protection for all Internet users.

ProtonMail was founded in 2014 by a group of scientists who met at the European Organization for Nuclear Research (CERN). And since its inception, the company has grown at a fast pace and today has over 36 million users. Our principal product, ProtonMail, is the world’s largest secure email service. Our second product, ProtonVPN, is one of the world’s most popular VPN services. Our vision is to build an Internet platform for the protection of digital rights, and we are also developing additional products such as ProtonCalendar, ProtonDrive, and much more.

Proton users include leaders of the Hong Kong protest movement, New York Times journalists, some of the world’s largest corporations, and millions of ordinary citizens from over 180 countries. Our team is diverse and dynamic, representing over 30 different nationalities, with offices in Geneva, Zurich, Prague, Vilnius, Skopje, San Francisco, and Taipei.

Privacy is at the core of our services. We strive to protect our users' data as much as possible. Our software engineers are passionate about security, and we develop our products and software to follow the highest security standards. As our products mature, they also become more complex. To maintain our high standards, we are building a secure software development life cycle specific to our threat model. We are looking for a Product Security Manager to help develop this program. This position is a member of the Proton Security team, which handles all security issues for the organization and supports the product development teams.

Role description

You will primarily be responsible for building up our secure software development program by collaborating with representatives from each development team. These representatives meet regularly as part of our Security Champions program, which you will manage. And as a member of the Security team, you will ensure that product security principles align with the company's general security principles.

This position requires an extensive combination of hard and soft skills. On the one hand, we expect you to have a thorough knowledge of secure software development practices. You need to understand common IT security pitfalls, know how to avoid them, and if the worst comes to pass, be able to help mitigate vulnerabilities. But you must also know how to motivate people and feed their interests to help build up a company-wide security program that is useful for beginners and veteran developers alike.

You will also be responsible for building up the Proton Product Security Incident Response Team (PSIRT). Ideally, you will have worked in a PSIRT in one of your previous positions.

Responsibilities

  • Grow Proton's secure software development program in collaboration with senior developers
  • Take ownership of the Security Champions program
  • Work with development teams to identify security weaknesses in products
  • Build and manage a virtual PSIRT
  • Coordinate and collaborate with the Crypto Team
  • Support the Proton Bug Bounty program
  • Work with the Security team to tightly integrate the development and operation of our services

Job requirements

  • Demonstrated ability to support multiple teams working on divergent tasks
  • Strong organization and project management skills
  • Experience as a developer
  • You still enjoy getting your hands on code
  • Experience in secure development
  • Experience in incident response
  • Experience conducting security research / pentesting / white hat hacking
  • Five years of relevant experience

We realize that you can't have previous experience in every field. Security is as much about technology as it is about human factors. You will need to be able to work with highly skilled individuals, sometimes under a lot of pressure. Therefore, you must like working with people. If you feel you are up for the job but don't satisfy all the listed requirements, please talk to us. Being a good fit with our values and culture is as important as technical skills for this position. This position could be performed remotely for suitable candidates.

Why you should join Proton:

  • We work on interesting, challenging problems every day. There is never a dull moment.
  • Our startup culture means everyone’s opinion matters. You can have a significant impact.
  • Our rapid growth means there are many opportunities for advancement.
  • The chance to do something meaningful. Proton products protect dissidents, journalists, and activists. Our work saves lives.
  • Be part of something bigger. Millions of people and businesses around the world have embraced our idea of an Internet where privacy and security are the default. Join the privacy revolution that is changing the world.

ProtonMail uses the Recruitee recruitment platform for a more effective hiring process and a better candidate experience. Your data will always be kept confidential and is not shared with any third parties. Keep in mind that you will receive emails from the email address careers@protonmail.recruitee.com or other addresses on the protonmail.recruitee.com domain.