Senior Application Security Engineer
About Cyberhaven
Join Cyberhaven and be part of a team revolutionizing data security! We're tackling the limitations of traditional tools with AI-enabled data lineage. We analyze billions of workflows to understand data, detect risk, and stop threats. With $250M in funding from top investors like Khosla and Redpoint, our team features industry leaders from CrowdStrike, Palo Alto Networks, Meta, Google, and more. Shape the future of data security with us, protecting customers' most valuable information!
The Opportunity
We're seeking a passionate cybersecurity professional to join our team as a Senior Application Security Engineer. In this role, you'll partner with our Cybersecurity-Vulnerability Management team and our Development and Engineering organizations to identify and remediate threats and vulnerabilities. You'll play a critical role in ensuring the security of our operations and product development, building strong relationships with engineering teams, and driving vulnerability remediation efforts.
What You'll Do
Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
Security Tooling: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
DevSecOps Collaboration: Work closely with development teams to integrate security best practices throughout the Software Development Lifecycle (SDLC), including secure coding guidelines.
Threat Modeling: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
Vulnerability Management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
Incident Response: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation.
Continuous Learning: Stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
What You'll Bring
5+ years of software development experience, ideally with exposure to information security or AppSec.
Strong understanding of secure coding, threat modeling, and vulnerability management across the SDLC.
Proficiency in Go, Python, or Java, and experience with CI/CD pipelines and GitHub.
Hands-on experience with security tools and frameworks (SAST, DAST, SCA—e.g., Snyk, Semgrep, OWASP ZAP, Burp).
Solid understanding of core Information Security capabilities such as malware, vulnerabilities, exploits, attacks, firewalls, and intrusion detection/prevention systems.
Subject Matter Expertise (SME) in at least one of the following: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing.
Ability to interpret and prioritize security data, partnering effectively with developers to remediate issues.
Strong communication skills and the ability to influence and collaborate across engineering and security teams.
Bonus Points
Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform).
Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz).
Relevant certifications (ISC², ISACA, or GCP) and a degree in Computer Science or a related field.
Background securing AI infrastructure or model deployments.
Strong analytical, time management, and problem-solving skills in fast-paced environments.
Cyberhaven is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.