Application Security Lead (Cybersecurity)

TL;DR

Application Security Lead (Cybersecurity): Taking ownership of product and infrastructure security to drive a security-first culture within the engineering organization. Focus on leading the transition to a mature DevSecOps model, implementing secure SDLC practices, and managing vulnerability remediation across web and mobile platforms.

Company

hirify.global is a global ground transportation solution optimizing mobility for businesses and Fortune 500 companies.

What you will do

• Embed security practices throughout the SDLC from design and planning to deployment and maintenance.
• Lead threat modeling (STRIDE) and architectural reviews for high-risk features like authentication and payments.
• Integrate and manage automated security scanning (SAST, SCA, DAST) within CI/CD pipelines.
• Enforce API security and lead security initiatives specifically tailored for iOS and Android mobile environments.
• Orchestrate internal red teaming, external penetration tests, and manage Bug Bounty programs.
• Oversee cloud security posture (CSPM) on AWS/GCP and manage disaster recovery and business continuity planning.

Requirements

• 5+ years of proven experience with a strong emphasis on Application Security and Product Security.
• Hands-on experience with AppSec tooling in CI/CD pipelines and mobile application security.
• Solid understanding of cloud architectures (AWS/GCP), secret management, and security posture tools.
• Deep knowledge of OWASP SAMM, NIST, STRIDE, PCI-DSS, and GDPR.
• Exceptional communication skills to bridge the gap between engineering and C-level executives.

Culture & Benefits

• Inclusive and respectful environment where diversity drives innovation.
• Commitment to equal opportunities regardless of age, race, gender identity, or disability.
• Support and accommodations provided during the recruitment process.