Principal Security Engineer

At GoDaddy the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely.​ This is a remote position, so you’ll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or meetings.   Join Our Team Do you want to be an Information Security Leader at GoDaddy? We help solve large scale and cross-company issues, while ensuring that partnership with the development and operational communities remains front of mind. GoDaddy is looking for a Principal Security Engineer with security risk management experience, technical depth, strong leadership abilities, and experience with building and performing information security audits and gap assessments. You must be comfortable communicating with internal teams and external auditors, designing and leading security campaigns, prioritising resolution of audit findings while applying a risk-based approach. As a team, we will help identify any gaps in security control implementation, design solutions to manage security risks at scale and provide the information needed to make risk-based decisions and planning. What you'll get to do... Build and manage a Security Controls framework that encompasses the regulatory and industry compliance frameworks we comply with. Perform detailed analysis and review of information security controls, as well as targeted gap assessments to identify any deviations from the framework. Propose and manage enterprise-wide security campaigns for managing deviations to reduce risk. Partner with other InfoSec and Engineering teams to define and prioritise security initiatives and investments using a risk-based approach. Align risk management initiatives with applicable compliance regulations. Your experience should include... 10+ years of experience in Information Security or related fields such as Software Development, System Administration, QA Engineer, IT Audit, etc. Minimum of 6+ years of progressive experience managing programs related to information security and information security audits. Experience with building unified security controls frameworks. Experience with managing audits utilizing compliance frameworks such as PCI DSS, NIST CSF, NIST 800-53, ISO, SOC-2 etc. Experience with Security Engineering concepts such as Threat modeling, architecture reviews, etc. You might also have... Certifications such as PCI QSA/ ISA, CISA, CRISC, ISO Lead Assessor, CISSP, etc. Prior experience with system administration, scripting, and/or automation techniques. We've got your back...  We offer a range of total rewards that may include paid time off, retirement savings (e.g., 401k, pension schemes), bonus/incentive eligibility, equity grants, participation in our employee stock purchase plan, competitive health benefits, and other family-friendly benefits including parental leave. GoDaddy’s benefits vary based on individual role and location and can be reviewed in more detail during the interview process. We also embrace our diverse culture and offer a range of Employee Resource Groups (Culture). Have a side hustle? No problem. We love entrepreneurs! Most importantly, come as you are and make your own way.  About us...  GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online, making opportunity more inclusive for all. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights, and people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us. At GoDaddy, we know diverse teams build better products—period. Our people and culture reflect and celebrate that sense of diversity and inclusion in ideas, experiences and perspectives. But we also know that’s not enough to build true equity and belonging in our communities. That’s why we prioritize integrating diversity, equity, inclusion and belonging principles into the core of how we work every day—focusing not only on our employee experience, but also our customer experience and operations. It’s the best way to serve our mission of empowering entrepreneurs everywhere, and making opportunity more inclusive for all. To read more about these commitments, as well as our representation and pay equity data, check out our Diversity and Pay Parity annual report which can be found on our Diversity Careers page. GoDaddy is proud to be an equal opportunity employer. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. Refer to our full EEO policy. Our recruiting team is available to assist you in completing your application. If they could be helpful, please reach out to myrecruiter@godaddy.com.  GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.