עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
While this role encompasses both application and infrastructure security, our primary focus is on the Application Security domain. You will lead our transition towards a mature DevSecOps organization, ensuring that security is seamlessly embedded into every phase of our SDLC without compromising delivery speed.
Key Responsibilities
Application Security & Secure Engineering:
Secure SDLC Integration: Embed security practices throughout the entire SDLC, from initial design and planning to deployment and maintenance.
Threat Modeling & Architecture: Lead threat modeling (e.g., STRIDE) and architectural reviews for high-risk features like authentication, PII, and payments.
AppSec Tooling & Automation: Integrate and manage automated security scanning (SAST, SCA, DAST) within CI/CD pipelines to ensure code integrity seamlessly.
Mobile & API Security: Enforce least-privilege models for API configurations. Lead security initiatives specifically tailored to mobile environments (iOS/Android), protecting our core mobility platform.
Offensive Security & Pentesting: Orchestrate internal red teaming and external penetration tests for web and mobile applications. Manage Vulnerability Disclosure Programs (VDP) / Bug Bounties.
Developer Empowerment & DevEx: Collaborate with developers to provide automated tools, coding guidelines, and frictionless guardrails for secure-by-design development, ensuring security acts as an enabler, not a blocker.
Incident & Vulnerability Management: Act as the technical escalation point for application security incidents, leading detection and recovery efforts, while prioritizing vulnerabilities across the product suite for timely remediation.
Cloud & Infrastructure Security:
Cloud & Network Posture: Manage cloud security posture (CSPM) across AWS/GCP and oversee broad network security measures, including WAF, Bot management, and environment segmentation.
Pipeline & Secrets Management: Secure the CI/CD infrastructure against tampering and enforce robust secret management and secure repository controls across the organization.
Resilience & Recovery: Manage disaster recovery (DR) and business continuity planning for production environments.
Governance, Culture & Compliance:
DevSecOps Strategy: Lead the strategic evolution of DevOps into a mature DevSecOps model, aligning with industry frameworks like OWASP SAMM and NIST SSDF.
Metrics & Measurement: Define and track key security metrics (e.g., MTTR, vulnerability density) to measure and improve program effectiveness.
Security Champions: Build and mentor a Security Champions program within R&D to scale security knowledge and foster a grassroots culture.
Compliance & Privacy: Ensure continuous compliance with PCI-DSS, ISO27001, and GDPR, championing privacy-by-design principles across all user data and R&D operations.
5+ years of proven experience with a strong emphasis on Application Security, Product Security, and Developer interaction. Cloud/Infrastructure security experience is highly valued but secondary to AppSec expertise.
Hands-on experience with AppSec tooling across the CI/CD pipeline, mobile application security (iOS/Android), and robust API security management.
Solid understanding of cloud architectures (AWS/GCP), secret management, and security posture tools.
Deep understanding of OWASP SAMM, NIST, Threat Modeling (STRIDE), and regulatory standards (PCI-DSS, GDPR).
Exceptional communication skills with the ability to bridge the gap between engineering, C-level executives (CISO/CTO), and security teams to embed a security culture seamlessly.
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.