Head of Application and Product Security

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

At Bumble, we are seeking a forward-thinking Head of Application and Product Security who will not only empower our secure SDLC but also align closely with our Trust and Safety team to protect user data and proactively prevent abuse. This role requires an inspirational leader capable of integrating cutting-edge security practices into our AI-enhanced platforms across mobile and web environments.

You should be inspired by Bumble's mission to create kind connections and deeply understand the complexities of doing that securely and safely.

You are able to make complex topics simple through your domain knowledge and expertise. You help others navigate these complex topics to make good decisions based on data and when that data doesn't exist you are able to make decisions and stand by them. You are a humble expert with a sense of urgency to make things happen and bring others along with you.

You are empathetic to the challenges of software engineering and work with engineering leaders to build security in by design and are accountable to ensure your team is an authoritative source of risk analysis and prioritization.

You want to bring your experience in application and product security to new cross-functional domains like trust and safety, billing and payments and AI-powered technologies in the security domain.

What you'll do

• Responsible for the continuous development of an advanced secure SDLC framework, incorporating automation, machine learning, and contextual threat analysis.
• Ensure that any software developed and/or deployed meets the high standards expected to ensure the security and privacy of our customers.
• Enhance Bumble Inc.'s mobile and web application defences using the latest techniques in software composition, static and dynamic testing and threat modelling for systems written in Kotlin, Swift, PHP, Go and C.
• Conduct sophisticated security assessments and penetration testing to preemptively identify and mitigate potential threats.
• Lead and expand the application and product security team, fostering a culture of continuous learning and innovation in security practices.
• Collaborate extensively with our Trust & Safety area (including Product, Technical, Legal, Ops, and Policy) to develop technologies and processes that safeguard user interactions and data privacy across all platforms.
• Regularly update and present to senior management on security posture and product incident response.
• Own key metrics around product security incidents, and risk trends in the codebase.
• Supervise the application security efforts across the software engineering teams, providing technical guidance, and manage the application security budget and drive a security-first approach to software development and delivery.
• Promote active, continuous learning and improvement within your team. Cultivate team members' growth through feedback, coaching, and career development.
• Manage multiple concurrent projects while effectively solving problems that cross product boundaries.
• Establish strong partnerships and champion quality throughout a cross-functional organization to support the best possible security and engineering outcomes.
• Support developer productivity, through training, driving solutions and tooling.

Your experience and Skills:

• Bachelor's degree in Computer Science or related technical field; or relevant certifications such as OSCP, or equivalent publicly verifiable practical experience.
• Demonstrated experience in managing application security in high-stakes environments, preferably with exposure to both consumer and enterprise applications.
• Deep technical expertise in modern mobile app security, legacy and modern application architectures (e.g., microservices, containerization).
• A strong understanding of social engineering and other user-centred attack vectors.
• A track record of successful collaboration with trust and safety teams is a strong plus.
• Strong expertise in software engineering best practices.
• Experience in managing highly skilled application security assessors or engineers.
• Strong written and verbal communication skills, with high attention to detail.

About you:

• Your values align strongly with the Bumble Inc. values: Growth, Kindness, Equity, Accountability, and Honesty.
• A subject matter expert on security-critical areas such as authorization, authentication, and/or cryptography.
• Excellence as a great teammate who thrives in a collaborative environment.
• Ability to communicate with empathy when delivering constructive feedback to engineers.
• Be a constant learner who looks to solve interesting and challenging problems.
• Humble expert with a sense of urgency.
• Skilled at taking complex topics and making them simple.