Application Security and SDLC Team Leader

CYE is looking for a talented Application Security and Security Development Lifecycle Expert to be a part of our elite security researchers team. As an Application Security Leader, you will take an active role in leading various services including penetration testing and security development lifecycle activities that will help evaluate our customers’ security level and improve it. A typical job could be breaking into a segmented secure system at a Fortune 500 organization or perform a threat modeling process for a critical enterprise system.

Responsibilities

• Lead the application security team based on current/future tasks
• Identify, communicate, and drive the resolution of vulnerabilities
• Escort, evaluate and improve the application security development lifecycle of our customers
• Research and advocate for new application security solutions and technologies
• Continue to drive security evaluation earlier in the cycles through iterative security testing
• Ensure customers’ security by hands-on penetration testing, hypothesizing threats, helping development teams remediate risks upfront, and execute secure implementation efforts
• Improve secure coding and Secure-SDLC practices, application security requirements, automation, training, and metrics
• Lead the internal Secure-SDLC process of the R&D department in CYE.

Qualifications

• 5+ years of experience in Application Security Research including penetration testing, deep understanding of major Application Security attacks, vulnerabilities, and mitigations including XSS, CSRF, SQL Injection, Deserialization, RCE, etc. 
• Experienced with Secure-SDLC methodologies and standards such as Microsoft SDL, OWASP SAMM, and OWASP ASVS
• Experienced with threat analysis processes
• Experienced with web & mobile application security, API analysis and unique client/ server architectures
• Experienced in code auditing and best practices
• Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Managerial experience
• Relevant certifications such as CEH and EWPTX – an advantage
• Familiarity with a wide range of high-level programming languages (Java, JS, Python, etc.) – an advantage
• Familiarity with cloud environments – an advantage