Application Security Team Leader
CYE
Herzliya, Israel
Posted on Feb 6, 2025
CYE is looking for a talented Application Security and Secure Software Development Lifecycle (Secure-SDLC) Expert to lead our elite security researchers team. As an Application Security Leader, you will take an active role in leading various services including penetration testing and security development lifecycle activities that will help evaluate our customers’ security level and improve it. A typical job could be breaking into a segmented secure system at a Fortune 500 organization or perform a threat modeling process for a critical enterprise system.
Responsibilities
- Ensure customers’ security by hands-on penetration testing, hypothesizing threats, helping development teams remediate risks upfront, and executing secure implementation efforts
- Escort, evaluate and improve the application security development lifecycle of our customers, including Secure-SDLC gap analysis, threat modeling and other related activities
- Improve secure coding and Secure-SDLC practices, application security requirements, automation, training, and metrics
- Lead the internal Secure-SDLC process of the R&D department in CYE
- Identify, communicate, and drive the resolution of vulnerabilities as an application security domain expert
- Research and advocate for new application security solutions and technologies
- Continue to drive security evaluation earlier in the cycles through iterative security testing
Qualifications
- 5+ years of experience in Application Security including penetration testing, deep understanding of major Application Security attacks, vulnerabilities, and mitigations including XSS, CSRF, SQL Injection, Deserialization, RCE, etc.
- Experienced with Secure-SDLC methodologies and standards such as Microsoft SDL, OWASP SAMM, and OWASP ASVS
- Experienced with threat analysis processes
- Experienced with web & mobile application security, API analysis, and unique client/ server architectures
- Experienced in code auditing and best practices
- Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
- Managerial experience
- Relevant certifications such as CEH and EWPTX – an advantage
- Hand-on proven experience in software development or familiarity with a vast range of high-level programming languages (Java, JS, Python, etc.) – an advantage
- Familiarity with cloud environments – an advantage
About us
CYE’s exposure management platform, Hyver, transforms the way security teams protect their organizations. With CRQ at its core, Hyver reveals exposure in financial terms, visualizes attack routes to critical business assets, and creates tailored mitigation plans. Founded in 2012, CYE has served hundreds of organizations globally.