Application Security Architect

Remote: Full Remote

Offer summary

Qualifications:

  • Minimum of 2+ years of hands-on experience in application security roles.
  • At least 3 years of experience in software development.
  • Strong understanding of application vulnerabilities and mitigation strategies, including OWASP Top 10.
  • Knowledge of security testing tools like SAST, DAST, and SCA.

Key responsibilities:

  • Lead security initiatives throughout the software development lifecycle, including threat modeling and risk assessments.
  • Guide development teams on secure architectural practices and coding standards.
  • Manage and oversee application security testing and vulnerability remediation.
  • Mentor teams on secure coding techniques and security best practices.

Fiverr SME http://fiverr.com
501 - 1000 Employees

Job description

Description

Fiverr is looking for an experienced Application Security Architect to join our Cybersecurity team. In this role, you will be instrumental in building and advancing Fiverr’s application security programs. Working closely with talented engineers, product managers, and platform teams, you’ll play a key role in ensuring the security of our software development lifecycle (SDLC).

You’ll provide security services including secure coding practices, architecture reviews, awareness and training initiatives, and tool implementation. From threat modeling to secure development education, your contributions will directly impact the safety and resilience of Fiverr’s products.


What am I going to do?

  • Lead Secure SDLC Initiatives: Drive security throughout the software development lifecycle (S-SDLC), including threat modeling, risk assessments, and mitigation planning for new and existing applications.
  • Embed Secure Design Practices: Guide development teams on implementing secure architectural patterns, design principles, and coding standards, with emphasis on OWASP and industry best practices.
  • Security Tooling Strategy: Define and manage the integration of Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools into Fiverr’s CI/CD pipelines, ensuring scalable, platform-agnostic coverage and effective vulnerability management.
  • Security Testing & Remediation: Perform and oversee application security testing, ensuring timely remediation of identified vulnerabilities.
  • Develop Security Standards: Create and maintain secure coding standards, best practices, and development guidance tailored to Fiverr’s tech stacks.
  • Code Reviews: Conduct in-depth manual and automated security code reviews for critical components, offering practical and constructive feedback to engineering teams.
  • API & Mobile App Security: Design and assess security for APIs and mobile applications, ensuring robust authentication, authorization, and data protection in line with industry standards.
  • Third-Party Risk Management: Evaluate the security posture of third-party libraries, components, and services integrated into Fiverr's applications.
  • Cloud Security Collaboration: Partner with Cloud Security Architects to ensure secure application deployment in cloud environments (e.g., AWS, GCP), offering expert advice on cloud-native security practices.
  • Team Enablement & Education: Mentor development teams on emerging threats, secure coding techniques, and security-first development approaches.
  • Bug Bounty Program Leadership: Manage and evolve Fiverr’s bug bounty program, working with researchers and internal teams to resolve findings efficiently.

Requirements

  • Passion for application security and a commitment to building secure products.
  • Minimum 2+ years of hands-on experience in application security roles.
  • At least 3 years of experience in software development.
  • Strong understanding of common application vulnerabilities and mitigation strategies (e.g., OWASP Top 10).
  • Solid grasp of cryptography fundamentals, including encryption methods, authentication and authorization protocols, session management, and key management.
  • Experience with security testing tools such as SAST, DAST, SCA, and penetration testing utilities.
  • Solid foundation in application network security concepts: TLS, SSH, DNS, WAF, etc.
  • Deep understanding of secure web application design and development methodologies.
  • Effective communication and presentation skills, with the ability to explain complex technical issues to both technical and non-technical audiences.
  • Proven ability to mentor and train teams in secure development principles.
  • Self-motivated, detail-oriented, and capable of managing multiple priorities.
  • Fluent in English, both written and verbal.

At Fiverr, we’re not about checklists. If you don’t meet 100% of the requirements for this role but still feel passionate about the position and think you have the right skills and qualifications to excel at it, we want to hear from you.


Equal opportunities

At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.


Required profile

Spoken language(s):
English

Other Skills

  • Mentorship
  • Self-Motivation
  • Detail Oriented
  • Communication
  • Time Management
