Application Security Team Leader

Who we are

Cybereason is the champion of today’s cyber defenders, providing operation-centric attack protection. Our Defence Platform moves beyond endless alerting to instead recognize, expose, and end malicious operations before they take hold. Cybereason is an international company who defends the world's top brands in more than 50 countries.

Nice to know

• Our Israeli site is located in Tel Aviv at Alon 1 tower, next to Hashalom train station
• Hybrid work model
• Flexible working hours
• “Best high tech companies to work for” (by Dun’s100)

You’ll be part of our Infrastructure Security group

The Infrastructure Security group, protects our own infrastructure, collaborates with our research and development on product security, manages certifications related to Governance, Risk, and Compliance (GRC) and security value. The team works closely with our internal Information Technology team to defend employees across the globe and promote security awareness. The security team also embraces thought leadership and develops policies to promote a more secure world.

In this position you will

• Work closely with Product, R&D and DevOps teams to define high level and detailed security requirements for various features.
• Lead the AppSec team of Engineers and Offensive security to collaboratively build the Cybereason security posture.
• Build, maintain, and improve AppSec processes & tools.
• Work with R&D teams to review code for security vulnerabilities (manual and automated)
• Perform periodic application level penetration tests on major features and versions.
• Evaluate the security posture of various 3rd party tools, libraries and vendors from application security perspective.
• Drive and track the progress of security bug resolution with R&D and DevOps teams.
• Work on RFP and Audit responses as needed.

What We’re Looking For

• 4+ years of experience in hands-on application security field including SDLC process.
• 2+ years of Leadership experience.
• Deep knowledge of common application level vulnerabilities and mitigation (OWASP top 10, SANS 25, etc).  
• Strong manual code review skills in Java, C/C++, Python, Node.js.    
• Good knowledge of secure coding best practices and ability to guide R&D teams on how to write secure code.  
• Experience with SAST tools
• Familiarity with docker containers, Kubernetes, etc.

More About Cybereason:

Our culture and how we operate reflects in our shared values. Our #Defenders are individuals with diverse skill sets and backgrounds who are driven to innovate and scale with our growing organization. We are a team that strives to learn from each other, solve challenging problems, and work collaboratively toward our goal of reversing the adversary advantage.

Core Values:

• Win As One: The power of an individual is less than the power of a team.
• Ever Evolving: Change keeps us at the forefront, so we encourage it.
• Daring: To achieve the impossible, we must dare to be different.
• Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
• Never Give Up: We are tenacious and resilient, and we never stop.
• UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.

If these values resonate with you and our vision excites you, join us today and help us end cyber attacks from the endpoint to everywhere! #Defenders

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Cybereason we are dedicated to building a diverse, inclusive, and authentic workplace (#uBu), so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.