Application Security Leader

Security

Ra'anana

Description

Title: Application Security Leader

Location: Ra'anana

Hybrid: 4 days a week in office

About The Company

DriveNets is a leader in large-scale networking solutions for AI infrastructure and service providers. The company’s disaggregated networking architecture transforms the economics of large-scale infrastructures while maximizing performance, utilization, and operational efficiency. Its high-performance AI fabric maximizes GPU utilization and accelerates deployments by optimizing the AI stack end-to-end, resulting in higher tokens-per-second and lower cost-per-token. DriveNets’ solutions power production networks for global tier-1 operators like AT&T and Comcast, and scale multi-vendor AI infrastructures at foundation model labs, NeoClouds, and enterprises. 

About the Role 

We are looking for a talented Application Security Manager to join our CISO team and lead the application security practice at DriveNets. You will be the primary owner of AppSec across our product portfolio, working closely with Product, R&D, and DevOps teams to embed security into the software development lifecycle and collaboratively build a strong, scalable security posture. 

This is a foundational role. DriveNets delivers ISP-grade networking software to some of the world’s largest telecommunications providers. The security of our products is directly tied to the trust our customers place in us and to our ability to meet contractual, compliance, and audit obligations, including ISO 27001, SOC 2, and DRA.

What You’ll Do 

Product & R&D Collaboration 

  • Work closely with Product, R&D, and DevOps teams to define high-level and detailed security requirements for various features and product releases. 
  • Partner with R&D teams to review code for security vulnerabilities, both manually and through automated and AI tooling at machine speed. 
  • Guide R&D teams on secure coding best practices and how to remediate findings effectively. 
  • Drive and track the progress of security bug resolution with R&D and DevOps teams, ensuring issues are prioritized and closed on time. 
  • Security Champions. Establish, guide, and lead a Security Champions program across all Business Units, embedding security ownership into R&D, Product, and DevOps teams to continuously elevate the organization's overall security posture.
  • Metrics. Define and provide product security metrics that deliver clear visibility to all BUs and leadership, enabling the right business decisions while effectively managing product security risks at the executive level.

Application Security Operations 

  • Build, maintain, and continuously improve AppSec processes and tools across the SSDLC. 
  • Serve as the SME and the CISO's focal point for the AI factory program and forum.
  • Perform periodic application-level penetration tests on major features and product versions. 
  • Evaluate the security posture of third-party tools, libraries, and vendors from an application security perspective. 
  • Integrate and operate SAST, DAST, and SCA tooling into CI/CD pipelines; manage findings triage and remediation workflows. 
  • Assess container and Kubernetes security posture; enforce hardening standards across the deployment stack. 

 Leadership & Team Development 

  • Lead the AppSec function, building and expanding the team over time to match the company’s growth. 
  • Mentor engineers and security team members on application security concepts and practices. 
  • Act as the AppSec subject matter expert across the organization, including for external-facing engagements. 

 Compliance & Audit 

  • Work on RFP and audit responses as needed, representing the AppSec program to customers and auditors. 
  • Maintain evidence and documentation for ISO 27001, SOC 2 & DRA controls related to secure development and vulnerability management. 
  • Support supply chain security reviews for ISP customers (e.g., AT&T) with application security artifacts. 

 

Requirements

What We’re Looking For 

Must Have 

  • 10+ years of hands-on experience in the application security field, including deep familiarity with the SSDLC process and hands-on experience with several security tools.
  • 2+ years of leadership experience managing people, driving programs, or leading cross-functional security initiatives.
  • Deep knowledge of common application-level vulnerabilities and mitigation strategies:
      • OWASP Top 10, SANS CWE Top 25, OWASP GenAI Security Project
      • Injection, authentication, authorization, cryptographic, and supply chain vulnerabilities
  • Strong manual code review skills across one or more of: Java, C/C++, Python, Node.js. 
  • Hands-on experience with SCA, SAST, DAST, CI/CD tools and the ability to integrate them into development workflows. 
  • Familiarity with container security, Docker, and Kubernetes environments. 
  • Cloud security knowledge (AWS, Azure, or GCP) and ability to assess cloud-native application risks. 
  • Excellent communication skills; able to interface effectively with DevOps, R&D, and business stakeholders.
  • Ability to work well under pressure and independently, while also collaborating across teams. 
  • Projectable thinking: ability to plan ahead, anticipate security gaps, and build toward a target posture. 

 Added Value 

  • Background in a well-known, globally recognized security or technology organization. 
  • Penetration testing (PT) experience at the application layer. 
  • Experience with PI (Product Increment) planning and Agile security integration. 
  • Hands-on experience with Applicative HO (Hardening & Operations) in production environments. 
  • Familiarity with threat modelling methodologies (STRIDE, PASTA, or equivalent). 
  • Experience responding to ISP or enterprise customer security questionnaires and audits. 
  • ISO 27001, SOC 2, DRA compliance exposure.

 What You’ll Get 

  • A foundational role: you will shape the AppSec practice, not inherit it. 
  • Direct access to and partnership with the CISO and across the company.
  • Backing from executive leadership: this hire is prioritized and approved at CEO level.
  • Work in an AI-first company building infrastructure that powers global ISP networks. 
  • The opportunity to build and expand a team as the program matures. 
  • Competitive senior-level in a winning AI first company.

 More About DriveNets  

Based in Israel with extended teams located in the US, Japan, and Romania, DriveNets operations cover more than twelve countries globally. Powering production networks for global tier-1 operators, DriveNets is a leader in large-scale networking solutions for AI infrastructure and service providers. Visit our website to learn more: 

https://drivenets.com/company/  

 

If your experience is close but doesn’t fulfill all requirements, please apply. DriveNets is on a mission to build a special company comprised of individuals with different backgrounds, perspectives, and experiences. 

DriveNets is an equal opportunity employer. We do not discriminate based upon race, religion, national origin, sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with disability, or other applicable legally protected characteristics.