Job description
This is a remote position.
We are looking for a skilled Application Security Tooling/Platform Lead, who will be responsible for ensuring the security of the project's custom development landscape through expert management of application security tooling and processes. This role drives operational excellence across Snyk, Invicti, Intigriti, and Sonatype platforms, supports key platform migrations, and provides specialist expertise for secure development reviews, threat modeling, and cross-functional alignment with the Center of Excellence (CoE).
Key Responsibilities
Security Tooling Ownership & Governance
Act as product owner for AppSec tooling (Snyk, Invicti, Intigriti, Sonatype)
Ensure quality, compliance, lifecycle management, updates, and roadmap follow-up
Monitor tool health, SLAs, and dashboards; ensure ongoing maintenance with the CoE
Align with development teams, CoE, and platform stakeholders on complex topics
Project Ownership
Lead the Invicti migration to the new platform supporting LLM/GenAI/AI-injection scanning
Lead the Sonatype migration to SaaS with minimal disruption
Coordinate with internal teams, external partners, and vendors to deliver new capabilities
Development Security Reviews
Perform or support Design Security (DS) and Code Review Reports (CRR)
Provide guidance on security questions from developers, project managers, and architects
Threat Modeling
Lead, perform, or review threat models for custom development projects
Help teams identify security risks early using defined methodologies
Cross-Team Collaboration & Continuous Improvement
Collaborate weekly with the CoE on AppSec topics and standards
Contribute to process improvements, automation, and team enablement/training
Requirements
Strong hands-on experience with AppSec tools: Snyk, Invicti, Sonatype, Bug Bounty (Intigriti), or comparable platforms
Experience in secure SDLC, secure coding practices, and application security assessments
Knowledge and practical experience with threat modeling methodologies (e.g., STRIDE, attack trees)
Ability to collaborate across engineering, development, CoE teams, and external partners
Nice to have: exposure to GenAI/LLM security concerns (e.g., AI-prompt injection scanning)
Strong analytical, communication, and documentation skills
Benefits
Remote work
Food ticket
Health insurance
Training and access to certification vouchers
Work-life balance initiatives
Referral program
Birthday off
Give back day – enjoy a day to give back to society!