Senior Application Security Engineer

About the role

Cyberhaven is seeking a passionate cyber security professional who understands the value of identifying and removing threats or vulnerabilities in the environment. The Senior Application Security Engineer will be responsible for the day-to-day work of partnering the Cybersecurity-Vulnerability Management with the Development and Engineering organizations. They will ensure optimal implementation of our scan tools and update configurations as the environment changes. In this role they are responsible for identifying security threats facing the company from the operations and product development. The Engineer will build meaningful relationships with teams in multiple Cyberhaven engineering teams to drive the vulnerability remediation effort. They will participate in the implementation execution metrics and sustainability of program objectives that allow security operations to continuously improve our ability to detect and protect our world-wide footprint from vulnerabilities and threats. The ideal candidate can come from either a security background (preferably DevSecOps) or a product-development background and will work to support both.

What you’ll do

• Perform Security Assessments: Conduct regular security assessments code reviews and penetration testing to identify vulnerabilities in applications and software.

• Develop / Implement Security Tools: Design develop and implement security tools frameworks and methodologies to protect applications against security threats.

• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC) including secure coding guidelines.

• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.

• Vulnerability Management: Supporting role to track analyze and manage vulnerabilities in applications providing guidance and support for remediation efforts.

• Incident Response Support: Assist in investigating analyzing and responding to security incidents related to applications ensuring timely resolution and documentation of incidents.

• Stay Current on Security Trends: Continuously stay updated on the latest security threats vulnerabilities and technologies to enhance security measures in applications.

Who you are

• 5+ years of software development experience ideally with exposure to information security or AppSec.

• Strong grasp of secure coding threat modeling and vulnerability management across the SDLC.

• Proficient in Go Python or Java and experienced with CI/CD pipelines and GitHub.

• Hands-on with security tools and frameworks (SAST DAST SCA—e.g. Snyk Semgrep OWASP ZAP Burp).

• Understanding of core Information Security capabilities such as: malware vulnerabilities exploits attacks firewalls intrusion detection/prevention systems etc.

• SME in at least one of the following: Threat and Vulnerability Management Incident Response Threat Hunting/Red Teaming or Penetration Testing.

• Able to interpret and prioritize security data partnering effectively with developers to remediate issues.

• Strong communicator who can influence and collaborate across engineering and security teams.

Preferred candidates will have:

• Experience with cloud and container security (GCP Kubernetes Docker Terraform).

• Familiarity with endpoint and vulnerability management tools (e.g. CrowdStrike Falcon Wiz).

• Relevant certifications (ISC² ISACA or GCP) and a degree in Computer Science or related field.

• Background securing AI infrastructure or model deployments.

• Strong analytical time management and problem-solving skills in fast-paced environments.

Joining Cyberhaven is a chance to revolutionize data security. Traditional tools fall short but we’ve reimagined protection with AI-enabled data lineage that analyzes billions of workflows to understand data detect risk and stop threats. Backed by $250M from leading investors like Khosla and Redpoint our team includes leaders who built industry-defining technologies at CrowdStrike Palo Alto Networks Meta Google and more. This role lets you shape the future of data security alongside experts driven to help customers protect their most valuable information.

Cyberhaven is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion gender gender identity or expression sexual orientation national origin genetics disability age or veteran status.