Management Leader - Security Engineering

Mountain View, California, United States

23andMe is looking for an experienced security leader to head our Security Engineering team. You must have excellent people management skills, project management skills, and the ability to work with cross-functional teams (Engineering, Product, Legal, IT, and Customer Success). You’re expected to leverage your experience and expertise, your team, our company resources, and industry best practices to secure our customer data and corporate assets.

Who we are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome.  We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.

What you'll do

  • Lead, mentor, and manage a security team responsible for researching, developing, implementing and supporting company-wide security initiatives.
  • Attract top talent and incorporate them into a highly functional and fun team
  • Manage initiatives to design, configure, implement and test strategic security system solutions to address complex technical and business requirements using a risk-based approach.
  • Drive initiatives to operationalize and automate security infrastructure.
  • Implement security controls associated with our HITRUST, ISO 27001, and GDPR compliance efforts across the company.
  • Partner with tech leads, senior management, and customers across the company to ensure that corporate information security projects receive appropriate prioritization and resources.
  • Work with IT Management, Vendor Management, Information Security Operations, Internal Audit, Legal, and Business Lines to ensure alignment and that Information Security and IT Governance are appropriately incorporated into all areas of the company.
  • Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operational health
  • Hands-on experience operating in an AWS or other cloud environment, including an understanding of costs
  • Manage and optimize logging, monitoring, correlation and alerting tools and the orchestration through a security information and event management (SIEM) solution
  • Support and assist with external audits/assessments, certifications and accreditations to achieve and maintain compliance
  • Provide status updates and presentations to upper management
  • Identify, assess, and prioritize IT risks to corporate data and systems, including external threats, cyber-crimes, internal threats and exposure to third-party vulnerabilities.

What you’ll bring

  • A minimum of 5 years of experience as an information security operations manager, or similar role, leading direct reports and projects, including hands-on technical management.
  • B.S./M.S. in Computer Science or related degree
  • CISSP, CISM, AWS Security/Architect or other security certifications are a plus.
  • Experience building and managing a team of security professionals.
  • In-depth experience in medium to complex computing environments, with advanced knowledge in security technologies and services.
  • A keen analytical mind for problem solving, abstract thought, and offensive security tactics.
  • Strong interpersonal skills, including excellent written and oral communication skills.
  • Ability to articulate complex issues to executives and customers
  • Experience with compliance frameworks, standards and assessments such as ISO 27001, HITRUST, SOC2, PCI, HIPAA, NIST, etc.
  • Experience in a CI/CD environment
  • Experience operating in an AWS or other cloud environment, including an understanding of costs
  • Understanding of modern software development for the web and mobile (Android, iOS)
  • Experience with vulnerability scanning and distributed network assessment tools like Inspector, Qualys, SourceClear, Burp, etc.
  • Demonstrated experience with managing and ensuring the timely response and investigations of security events and incidents
  • Familiarity with enterprise productivity tools, such as Confluence, JIRA, ZenGRC, etc.
  • Experience managing IDS, IPS, vulnerability management, AV, and SIEM tools. Solid understanding of log and monitoring management systems, security event monitoring systems, network-based and host-based intrusion detection systems, firewall technologies, malware detection and enterprise-level antivirus solutions/systems, and encryption standards

About Us

23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.