Senior Application Security Engineer

Summary

Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations more strict, organizations struggle to answer one key question: “Is my data safe?

At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe the most practical approach is protecting data from the inside out. We’ve built the industry’s first fully autonomous Data Security Platform to help our customers dramatically reduce risk with minimal human effort.

At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.

We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.

We are seeking an experienced and proactive Senior Application Security Engineer with Coding\Scripting experience(DevSecOps experiences) to join our Product Security team within the R&D department. This role is crucial for designing and implementing a robust Secure Software Development Lifecycle (SSDL) process and technology stack. The ideal candidate will have a strong background in product security, coupled with expertise in DevOps, application security, and infrastructure management. The role also involves close collaboration with DevOps, development, and SOC teams.

Responsibilities

• Design, build, and implement the Secure Software Development Lifecycle (SSDL) process, integrating security into all stages of the software development lifecycle.
• Develop and oversee the implementation of security tools and technologies, including SAST, DAST, SCA, SNAP, ASPM, CDR, vulnerability scanners, and Kubernetes (K8s) security tooling.
• Validate and secure Infrastructure as Code (IaC) using tools like Terraform, ensuring compliance with security best practices.
• Contribute directly to the development and security of CI/CD pipelines and IaC code.
• Collaborate closely with DevOps, development, and SOC teams to embed security practices into product development from initial design through to deployment.
• Conduct security assessments, code reviews, and vulnerability analysis using CVSS or similar methodologies to identify and mitigate risks.
• Automate security testing and compliance checks across Azure DevOps pipelines and cloud environments, focusing on Azure, AWS, and Kubernetes.
• Provide expert guidance on secure coding practices and help establish security policies and standards.
• Monitor and respond to security incidents across both Windows and Linux environments, driving continuous improvement in security posture.
• Lead projects to completion, motivate team members, and foster a collaborative and high-performing team environment.
• Exhibit strong self-driven learning abilities, staying current with industry trends and technologies.
• Proactively identify and drive security initiatives, taking ownership and pushing boundaries to ensure the highest security standards.
• Implement and manage metrics and monitoring systems, ensuring comprehensive visibility into security performance. Experience with building a security data lake is an advantage, particularly with Azure Analytics and Sentinel.
  
  

• 5+ years of experience in Application Security, with a focus on building and securing software development processes and Automation Creation.
• Proven expertise in designing and implementing Secure Software Development Lifecycle (SSDL) processes and related technologies.
• Proficiency in cloud platforms, particularly Azure and AWS, with experience in securing cloud-native applications and Kubernetes environments.
• Expertise in security tools and processes, including SAST, DAST, SCA, ASPM, CDR, vulnerability scanners, and Kubernetes security tooling.
• Hands-on experience with Azure DevOps, including integration of security tools within CI/CD pipelines, and oversight of IaC security using Terraform.
• Strong coding and scripting skills in Python, Bash, and PowerShell, with experience across both Windows and Linux environments.
• Experience in metrics and monitoring, with the ability to build and manage security data lakes. Knowledge of Azure Analytics and Sentinel is a plus.
• Advantageous certifications and knowledge: AWS, Azure, CISSP, CCSK, Kubernetes (K8s).
• Knowledge of compliance frameworks such as FedRAMP, PCI, and SOC2 is an advantage.
• Ability to lead and motivate teams, with a proactive approach to learning and driving security initiatives.