We're looking for a hands-on Application Security leader with extensive experience building and scaling AppSec programs in high-growth software environments. Proven ability to balance strategy with execution, embed security into engineering workflows, and partner closely with R&D teams to deliver measurable risk reduction without slowing development.
What will you do?
Mature and scale our Application Security function across R&D, establishing clear ownership, processes, and engagement models with engineering teams
Embed application security into CI/CD pipelines and daily development workflows, enabling secure-by-default engineering practices
Hands on knowledge in pen testing and code review in multiple languages.
Lead the implementation, tuning, and ongoing optimization of AppSec tooling (Semgrep, Oligo, Escape DAST), and our company Bug bounty program, driving high signal-to-noise detection and actionable remediation
Define and maintain application security standards, policies, and secure development frameworks aligned with business and engineering needs
Conduct and Lead threat modeling sessions, architecture risk reviews, and secure design assessments for new and existing services
Partner closely with Engineering Managers, Tech Leads, and Architects to promote secure coding practices and pragmatic security decisions
Support our company research program company CTRL, with dedicated research activities and focus on new vulnerabilities discovery.
Establish and track meaningful AppSec KPIs (vulnerability trends, remediation SLAs, pipeline coverage, risk posture) and reported progress to stakeholders
Translate security initiatives into clear execution plans, ensuring adoption and measurable impact across teams
Mentor engineers and security champions, gradually expanding AppSec ownership and scaling the program with organizational growth.
What will you do?
Mature and scale our Application Security function across R&D, establishing clear ownership, processes, and engagement models with engineering teams
Embed application security into CI/CD pipelines and daily development workflows, enabling secure-by-default engineering practices
Hands on knowledge in pen testing and code review in multiple languages.
Lead the implementation, tuning, and ongoing optimization of AppSec tooling (Semgrep, Oligo, Escape DAST), and our company Bug bounty program, driving high signal-to-noise detection and actionable remediation
Define and maintain application security standards, policies, and secure development frameworks aligned with business and engineering needs
Conduct and Lead threat modeling sessions, architecture risk reviews, and secure design assessments for new and existing services
Partner closely with Engineering Managers, Tech Leads, and Architects to promote secure coding practices and pragmatic security decisions
Support our company research program company CTRL, with dedicated research activities and focus on new vulnerabilities discovery.
Establish and track meaningful AppSec KPIs (vulnerability trends, remediation SLAs, pipeline coverage, risk posture) and reported progress to stakeholders
Translate security initiatives into clear execution plans, ensuring adoption and measurable impact across teams
Mentor engineers and security champions, gradually expanding AppSec ownership and scaling the program with organizational growth.
Requirements:
Core Skills & Expertise
Application Security Program Development
DevSecOps & CI/CD Security Integration
SAST, SCA, DAST, Secrets Detection
Threat Modeling & Secure Architecture Reviews
Knowledge in network protocols and thick clients testing.
Secure Coding Practices & Developer Enablement
Risk Assessment & Vulnerability Management
Security Metrics & Program Measurement
Cross-functional Leadership & Influence
Experience Highlights
8+ years of hands-on experience in Application Security and Security Engineering and relevant certifications (OCSP, OSWE, CSSLP, GWAPT, etc..)
Proven track record of standing up or significantly maturing AppSec programs
Deep understanding of modern CI/CD pipelines and cloud-native development
Strong ability to influence engineering teams without direct authority
Experience leading small -medium teams, mentoring engineers, and acting as a technical authority
Nice to Have / Additional Value
SaaS and cybersecurity domain experience
Work in high-growth, fast-scaling, and global engineering organizations.
Core Skills & Expertise
Application Security Program Development
DevSecOps & CI/CD Security Integration
SAST, SCA, DAST, Secrets Detection
Threat Modeling & Secure Architecture Reviews
Knowledge in network protocols and thick clients testing.
Secure Coding Practices & Developer Enablement
Risk Assessment & Vulnerability Management
Security Metrics & Program Measurement
Cross-functional Leadership & Influence
Experience Highlights
8+ years of hands-on experience in Application Security and Security Engineering and relevant certifications (OCSP, OSWE, CSSLP, GWAPT, etc..)
Proven track record of standing up or significantly maturing AppSec programs
Deep understanding of modern CI/CD pipelines and cloud-native development
Strong ability to influence engineering teams without direct authority
Experience leading small -medium teams, mentoring engineers, and acting as a technical authority
Nice to Have / Additional Value
SaaS and cybersecurity domain experience
Work in high-growth, fast-scaling, and global engineering organizations.
This position is open to all candidates.
