About NEXT
<p><strong>Location: Kfar Saba, Israel (hybrid)</strong></p>
<p> </p>
<p>Next Insurance, founded in 2016 and headquartered in Palo Alto, is an insurtech company offering digital insurance solutions tailored to small businesses across the U.S. By leveraging AI and machine learning, the company provides customized policies for sectors such as general liability, professional liability, and commercial auto insurance. Business owners can easily receive quotes and purchase coverage through the platform online.</p>
<p>To date, Next Insurance has raised over $1.1 billion in funding, including a $265 million strategic round in November 2023, led by Allstate and Allianz X. This funding is intended to accelerate the company's path to profitability and expansion. A strategic partnership with Allstate enables Next Insurance to develop new commercial auto products and extend its offerings to Allstate’s customer base.</p>
<p>Serving more than 500,000 small businesses nationwide, Next Insurance employs around 700 people, with offices in Palo Alto, Waltham, Rochester, Israel, and some remote roles.</p>
<p> </p>
<p>We are looking for a Director of Product Security who will lead our product security group at Next Insurance. You will be reporting to our VP, Chief Security Officer, and will be at the forefront of the security work, guiding our secure development practices and application security across all products and services.</p>
<p>As a leader, you will be a driving force in maturing the company's security strategy and vision,with cloud and application security, architecture, SDLC, security operations, and technology frameworks.Additionally you will work hand-in-hand with stakeholders across the business to enable secure development and operational excellence of our infrastructure, services, and products. </p>
<h2><span style="font-size: 10pt;"><strong>Responsibilities:</strong></span></h2>
<ul>
<li>Lead and manage security engineering and security operations teams that are responsible for ensuring the security of our products, platforms, and cloud infrastructure.</li>
<li>Be the product’s security thought leader. Learn from the various product teams and educate in both directions. Be recognized as the clear point of escalation and subject matter expert for the cyber security domains.</li>
<li>Provide strategic direction, building, and managing security roadmap including security architecture, pen testing and bug bounty programs, SDLC and threat modeling, configuration management and hardening, vulnerability management, Product Security Incident Response (PSIRT).</li>
<li>Engage and collaborate with leaders and teams across infrastructure, engineering, operations, product development, and legal to integrate compliance and security principles throughout the product lifecycle</li>
<li>Managing emerging issues and threats. Proactively monitor metrics and risk Indicators to ensure issues are identified, quantified, communicated, and managed on time, including guidance and recommendations for resolution of key challenges.</li>
<li>Cultivate and oversee the group’s talent that champions curiosity, research, experimentation, innovation, and above all the opportunity to learn and grow. </li>
</ul>
<p> </p>
<p><span style="font-size: 10pt;"><strong>Requirements:</strong></span></p>
<ul>
<li>8+ years of relevant information security experience. In addition, 4+ years of experience leading security teams or groups preferably in SaaS companies </li>
<li>Experience architecting, leading and driving the adoption of security solutions and platforms into production environments </li>
<li>Demonstrable experience in the area of managing/assessing technical risk across a broad range of architectures at a senior level, including hands on experience leading, designing and delivering secure solutions.</li>
<li>Proven hands-on experience and technical depth in one or more technology areas, including Cloud security ,Data security, Platform security, Security Analytics, AuthN/AuthZ Management, or Application Security.</li>
<li>Experience conducting architecture/code reviews to find and evaluate application and infrastructure security risks</li>
<li>Experience leading a security team, developing controls for public cloud environment: Amazon Web Services (AWS), Google Cloud Platform (GCP).</li>
<li>Technical expertise in public cloud, Microservices, CICD/SDLC, Machine Learning, encryption, API architecture and secure designs.</li>
<li>Experience in one or more modern programming languages (Rust, Java, Python, etc.)</li>
</ul>
<div class="content-conclusion">
<p> </p>
</div>
<p> </p><div class="content-conclusion"><p> </p>
<p><em><span style="font-weight: 400;">Don’t meet every single requirement? Studies have shown that some underrepresented people are less likely to apply to jobs unless they meet every single qualification. At NEXT, we are dedicated to building a diverse, inclusive and respectful workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.</span></em></p>
<p> </p>
<p><em><span style="font-weight: 400;">One of our core values is 'Play as a Team'; this means making sure everyone has an equal chance to participate and make a difference. We win by playing together. Next Insurance is an equal opportunity employer and prioritizes building a diverse and inclusive workplace. We provide equal employment opportunities to all employees and applicants of any type and do not discriminate based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job-related characteristics or other prohibited grounds specified in applicable federal, state, and local laws. Next's policy is to comply with all applicable laws related to nondiscrimination and equal opportunity and will not tolerate discrimination or harassment based on any of these characteristics. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. </span></em></p></div>