Application Security Research TL

Welcome to the future of cloud networking and security! Cato Networks is the first company to converge enterprise networking and security into one centralized and global service that is delivered by cloud. It is led by networking and security pioneer Shlomo Kramer (Check Point, Imperva) and early investor (Palo Alto Networks, Exabeam, Trusteer and more). Cato’s unique technology inspired a brand-new product category, later named “SASE” by Gartner and a market expected to reach $28.5 billion by 2028. This is your opportunity to get on the rocket ship and join a company that is building a cutting-edge enterprise network and secure cloud platform, and is on a fast track to becoming the worldwide market leader – don’t miss it! We're looking for a hands-on Application Security leader with extensive experience building and scaling AppSec programs in high-growth software environments. Proven ability to balance strategy with execution, embed security into engineering workflows, and partner closely with RD teams to deliver measurable risk reduction without slowing development. What will you do? Mature and scale our Application Security function across RD, establishing clear ownership, processes, and engagement models with engineering teams Embed application security into CI/CD pipelines and daily development workflows, enabling secure-by-default engineering practices Hands on knowledge in pen testing and code review in multiple languages. Lead the implementation, tuning, and ongoing optimization of AppSec tooling (Semgrep, Oligo, Escape DAST), and Cato Bug bounty program, driving high signal-to-noise detection and actionable remediation Define and maintain application security standards, policies, and secure development frameworks aligned with business and engineering needs Conduct and Lead threat modeling sessions, architecture risk reviews, and secure design assessments for new and existing services Partner closely with Engineering Managers, Tech Leads, and Architects to promote secure coding practices and pragmatic security decisions Support Cato research program CATO CTRL, with dedicated research activities and focus on new vulnerabilities discovery. Establish and track meaningful AppSec KPIs (vulnerability trends, remediation SLAs, pipeline coverage, risk posture) and reported progress to stakeholders Translate security initiatives into clear execution plans, ensuring adoption and measurable impact across teams Mentor engineers and security champions, gradually expanding AppSec ownership and scaling the program with organizational growth Core Skills Expertise Application Security Program Development DevSecOps CI/CD Security Integration SAST, SCA, DAST, Secrets Detection Threat Modeling Secure Architecture Reviews Knowledge in network protocols and thick clients testing. Secure Coding Practices Developer Enablement Risk Assessment Vulnerability Management Security Metrics Program Measurement Cross-functional Leadership Influence Experience Highlights 8+ years of hands-on experience in Application Security and Security Engineering and relevant certifications (OCSP, OSWE, CSSLP, GWAPT, etc..) Proven track record of standing up or significantly maturing AppSec programs Deep understanding of modern CI/CD pipelines and cloud-native development Strong ability to influence engineering teams without direct authority Experience leading small -medium teams, mentoring engineers, and acting as a technical authority Nice to Have / Additional Value SaaS and cybersecurity domain experience Work in high-growth, fast-scaling, and global engineering organizations ... (truncated, view full listing at source)