Application Security and Secure-SDLC Expert

CYE is looking for a talented Application Security and Secure-SDLC Expert to be a part of our team. As an Application Security Expert, you will take an active role in security development lifecycle activities and penetration testing that will help evaluate our customers’ security level and improve it. A typical job could be breaking into a critical system of a Fortune 500 organization, analyzing the Secure-SDLC security gaps in a large department in a huge enterprise, and reverse engineering an application and encryption method in order to gain access to sensitive data.

Responsibilities

• Manage, evaluate, and improve the application security development lifecycle of our clients.
• Identify, communicate, and drive the resolution of vulnerabilities.
• Research and advocate for new application security solutions and technologies.
• Continue to drive security evaluation earlier in the cycles through iterative security testing.
• Operate as an incident responder for triage pertaining to web-based vulnerabilities.
• Ensure customers’ security by hands-on penetration testing, hypothesizing threats, helping development teams remediate risks upfront, and executing secure implementation efforts.
• Improve secure coding practices, application security requirements, automation, training, and metrics.

Qualifications

• 3+ years of experience in Application Security Secure-SDLC practices, standards, methodologies, and software team escorting; including standards such as Microsoft SDL, OWASP SAMM, and OWASP ASVS.
• Experienced with threat analysis processes.
• Deep understanding of OWASP Top 10 and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies.
• Familiarity with a wide range of high-level programming languages (Java, JS, Python, etc.) and related secure Software Development Life Cycle (SDLC) activities.
• Significant advantage: hands-on experience in application penetration testing.
• Significant Advantage: Managerial experience.
• Advantage: Proven experience in high-level code auditing.
• Advantage: experience in CI\CD and CI\CD security.

About usCYE’s SaaS platform and experts enable security leaders to execute optimized security programs with significant business impact. CYE serves large companies in multiple industries around the world. With offices in Israel, New York, and London, CYE is funded by EQT Private Equity and 83North.