AppSec Analyst Team Lead

Legit Security is a cybersecurity company offering an enterprise ASPM platform that secures organizations' software supply chains across both on-premises and cloud environments. Our mission is to protect businesses from emerging threats targeting software development processes, ensuring secure software is built from the ground up.

What You’ll Do:

As the Team Lead for Application Security Analysts, you will play a dual role: leading a high-impact team of AppSec researchers while remaining hands-on with cutting-edge security research and analysis.

• Lead and mentor a team of Application Security Analysts, setting priorities, reviewing work, and supporting professional development
• Drive and guide research initiatives across domains like SAST, SCA, secrets exposure, misconfigurations, AI security, and more
• Develop detection logic and security signatures for static analysis engines and pipeline tools
• Oversee codebase, pipeline, and environment analysis to model real-world attack vectors and propose mitigation strategies
• Coordinate vulnerability investigations, emerging CVEs, and package-related threats
• Collaborate cross-functionally with other researchers, analysts, and engineering teams to convert research into productized security features
• Set technical direction and best practices for threat modeling, tooling, and research methodologies
• Balance strategic thinking with deep technical dives, staying close to both the team’s day-to-day and long-term roadmap

What You’ll Bring

• Proven experience in Application Security / Product Security / Security Research, including previous leadership or mentorship responsibilities
• Strong coding skills – confident in analyzing and writing code (e.g., Python, JavaScript, Go, etc.)
• Hands-on expertise with AppSec tools (e.g., CodeQL, Semgrep, TruffleHog, GitGuardian)
• Deep understanding of secure development practices, software vulnerabilities, and real-world exploit paths
• Ability to balance tactical execution with strategic leadership
• Excellent communication skills and a passion for guiding and growing talent

Bonus Points For:

• Experience running or contributing to bug bounty programs or vulnerability disclosures
• Experience building or applying AI/ML models in cybersecurity
• Prior experience scaling AppSec teams or research programs

Why Join Us?

• Lead and shape a team at the forefront of the fast-growing ASPM space
• Make a direct impact on a platform used by security teams worldwide
• Join a research-driven culture that values technical depth, creativity, and curiosity
• Be part of a collaborative, highly technical environment with significant room for ownership and growth

Let me know if you’d like a version formatted for a LinkedIn job post, or if you'd like to add more about the company/team culture.