Application Security Lead

Gett

Administration

Tel Aviv-Yafo, Israel

Posted on May 6, 2026

Application Security Lead

  • R&D
  • Tel Aviv, Israel
  • Senior
  • Full-time

Description

Gett is a Ground Transportation Solution with the mission to organize all the best mobility providers (delivery, corporate fleet, ride-hailing, taxi, enterprise solutions like car pooling, and more) in one global platform, with great UX - optimizing the entire experience from booking and riding to invoicing and analytics, to save businesses time and money. We work with a third of the Fortune 500 companies and have over 17K active business customers across the world.

We are seeking a highly skilled and hands-on Application Security Lead to take ownership of our product and infrastructure security. Reporting directly to the CISO with a dotted line to the CTO, you will act as the critical bridge between our Security and Engineering teams, driving a robust "security-first" culture.

While this role encompasses both application and infrastructure security, our primary focus is on the Application Security domain. You will lead our transition towards a mature DevSecOps organization, ensuring that security is seamlessly embedded into every phase of our SDLC without compromising delivery speed.

Key Responsibilities

Application Security & Secure Engineering

  • Secure SDLC Integration: Embed security practices throughout the entire SDLC, from initial design and planning to deployment and maintenance.
  • Threat Modeling & Architecture: Lead threat modeling (e.g., STRIDE) and architectural reviews for high-risk features like authentication, PII, and payments.
  • AppSec Tooling & Automation: Integrate and manage automated security scanning (SAST, SCA, DAST) within CI/CD pipelines so that code integrity is checked continuously without slowing delivery.
  • Mobile & API Security: Enforce least-privilege models for API configurations. Lead security initiatives specifically tailored to mobile environments (iOS/Android), protecting Gett's core mobility platform.
  • Offensive Security & Pentesting: Orchestrate internal red teaming and external penetration tests for web and mobile applications. Manage Vulnerability Disclosure Programs (VDP) / Bug Bounties.
  • Developer Empowerment & DevEx: Collaborate with developers to provide automated tools, coding guidelines, and frictionless guardrails for secure-by-design development, ensuring security acts as an enabler, not a blocker.
  • Incident & Vulnerability Management: Act as the technical escalation point for application security incidents, leading detection and recovery efforts, while prioritizing vulnerabilities across the product suite for timely remediation.

Cloud & Infrastructure Security

  • Cloud & Network Posture: Manage cloud security posture (CSPM) across AWS/GCP and oversee broad network security measures, including WAF, Bot management, and environment segmentation.
  • Pipeline & Secrets Management: Secure the CI/CD infrastructure against tampering and enforce robust secret management and secure repository controls across the organization.
  • Resilience & Recovery: Manage disaster recovery (DR) and business continuity planning for production environments.

Governance, Culture & Compliance

  • DevSecOps Strategy: Lead the strategic evolution of DevOps into a mature DevSecOps model, aligning with industry frameworks like OWASP SAMM and NIST SSDF.
  • Metrics & Measurement: Define and track key security metrics (e.g., MTTR, vulnerability density) to measure and improve program effectiveness.
  • Security Champions: Build and mentor a Security Champions program within R&D to scale security knowledge and foster a grassroots culture.
  • Compliance & Privacy: Ensure continuous compliance with PCI-DSS, ISO27001, and GDPR, championing privacy-by-design principles across all user data and R&D operations.

Requirements

  • 5+ years of proven experience with a strong emphasis on Application Security, Product Security, and Developer interaction. Cloud/Infrastructure security experience is highly valued but secondary to AppSec expertise.
  • Hands-on experience with AppSec tooling across the CI/CD pipeline, mobile application security (iOS/Android), and robust API security management.
  • Solid understanding of cloud architectures (AWS/GCP), secret management, and security posture tools.
  • Deep understanding of OWASP SAMM, NIST, Threat Modeling (STRIDE), and regulatory standards (PCI-DSS, GDPR).
  • Exceptional communication skills with the ability to bridge the gap between engineering, C-level executives (CISO/CTO), and security teams to embed a security culture seamlessly.

At Gett, we’re committed to creating an inclusive, respectful environment where everyone feels valued and empowered to succeed. We believe that diversity drives innovation, and we’re proud to offer equal opportunities to all—regardless of age, race, gender identity, sexual orientation, disability, or any other characteristic. If you need accommodations during the recruitment process, please contact us at recruitment.il@gett.com, and we’ll do our best to support you.