Senior Application Security Engineer
About the role
Cyberhaven is seeking a passionate cyber security professional who understands the value of identifying and removing threats or vulnerabilities in the environment. The Senior Application Security Engineer will be responsible for the day-to-day work of partnering the Cybersecurity-Vulnerability Management with the Development and Engineering organizations. They will ensure optimal implementation of our scan tools and update configurations as the environment changes. In this role, they are responsible for identifying security threats facing the company from the operations and product development. The Engineer will build meaningful relationships with teams in multiple Cyberhaven engineering teams to drive the vulnerability remediation effort. They will participate in the implementation, execution, metrics, and sustainability of program objectives that allow security operations to continuously improve our ability to detect and protect our world-wide footprint from vulnerabilities and threats. The ideal candidate can come from either a security background (preferably DevSecOps) or a product-development background, and will work to support both.
What you’ll do
Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
Develop / Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.
Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
Vulnerability Management: Supporting role to track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
Who you are
5+ years of software development experience, ideally with exposure to information security or AppSec.
Strong grasp of secure coding, threat modeling, and vulnerability management across the SDLC.
Proficient in Go, Python, or Java, and experienced with CI/CD pipelines and GitHub.
Hands-on with security tools and frameworks (SAST, DAST, SCA—e.g., Snyk, Semgrep, OWASP ZAP, Burp).
Understanding of core Information Security capabilities such as: malware, vulnerabilities, exploits, attacks, firewalls, intrusion detection/prevention systems, etc.
SME in at least one of the following: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing.
Able to interpret and prioritize security data, partnering effectively with developers to remediate issues.
Strong communicator who can influence and collaborate across engineering and security teams.
Preferred candidates will have:
Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform).
Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz).
Relevant certifications (ISC², ISACA, or GCP) and a degree in Computer Science or related field.
Background securing AI infrastructure or model deployments.
Strong analytical, time management, and problem-solving skills in fast-paced environments.
Joining Cyberhaven is a chance to revolutionize data security. Traditional tools fall short, but we’ve reimagined protection with AI-enabled data lineage that analyzes billions of workflows to understand data, detect risk, and stop threats. Backed by $250M from leading investors like Khosla and Redpoint, our team includes leaders who built industry-defining technologies at CrowdStrike, Palo Alto Networks, Meta, Google, and more. This role lets you shape the future of data security, alongside experts driven to help customers protect their most valuable information.
Cyberhaven is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
About the job
Apply for this position
Senior Application Security Engineer
About the role
Cyberhaven is seeking a passionate cyber security professional who understands the value of identifying and removing threats or vulnerabilities in the environment. The Senior Application Security Engineer will be responsible for the day-to-day work of partnering the Cybersecurity-Vulnerability Management with the Development and Engineering organizations. They will ensure optimal implementation of our scan tools and update configurations as the environment changes. In this role, they are responsible for identifying security threats facing the company from the operations and product development. The Engineer will build meaningful relationships with teams in multiple Cyberhaven engineering teams to drive the vulnerability remediation effort. They will participate in the implementation, execution, metrics, and sustainability of program objectives that allow security operations to continuously improve our ability to detect and protect our world-wide footprint from vulnerabilities and threats. The ideal candidate can come from either a security background (preferably DevSecOps) or a product-development background, and will work to support both.
What you’ll do
Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
Develop / Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.
Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
Vulnerability Management: Supporting role to track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
Who you are
5+ years of software development experience, ideally with exposure to information security or AppSec.
Strong grasp of secure coding, threat modeling, and vulnerability management across the SDLC.
Proficient in Go, Python, or Java, and experienced with CI/CD pipelines and GitHub.
Hands-on with security tools and frameworks (SAST, DAST, SCA—e.g., Snyk, Semgrep, OWASP ZAP, Burp).
Understanding of core Information Security capabilities such as: malware, vulnerabilities, exploits, attacks, firewalls, intrusion detection/prevention systems, etc.
SME in at least one of the following: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing.
Able to interpret and prioritize security data, partnering effectively with developers to remediate issues.
Strong communicator who can influence and collaborate across engineering and security teams.
Preferred candidates will have:
Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform).
Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz).
Relevant certifications (ISC², ISACA, or GCP) and a degree in Computer Science or related field.
Background securing AI infrastructure or model deployments.
Strong analytical, time management, and problem-solving skills in fast-paced environments.
Joining Cyberhaven is a chance to revolutionize data security. Traditional tools fall short, but we’ve reimagined protection with AI-enabled data lineage that analyzes billions of workflows to understand data, detect risk, and stop threats. Backed by $250M from leading investors like Khosla and Redpoint, our team includes leaders who built industry-defining technologies at CrowdStrike, Palo Alto Networks, Meta, Google, and more. This role lets you shape the future of data security, alongside experts driven to help customers protect their most valuable information.
Cyberhaven is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.