Cato Networks

Welcome to the future of cloud networking and security! 

Cato Networks is the first company to converge enterprise networking and security into one centralized and global service that is delivered by cloud. Cato’s unique technology inspired a brand-new product category, later named “SASE” by Gartner. 

Cato is the brainchild of networking and security pioneers Shlomo Kramer (Check Point, Imperva) and Gur Shatz (Incapsula.) Cato Networks has raised $773 million dollars since 2015, achieving Centaur status with $100M+ in ARR, and a valuation of $3 billion dollars.

This is your opportunity to get on the rocket ship and join a company that is building a cutting-edge enterprise network and secure cloud platform and is on a fast track to becoming the worldwide market leader – don’t miss it!

We're looking for an Application Security Engineer to join us. In this critical role, you will assist us in validating our services and environments according to the highest security standards. Also, You will work closely with our R&D and Product teams, and solve complex security problems.

Responsibilities:

• Proactively safeguarding the security integrity of our platforms and systems by ongoing scrutiny and refinement of our security measures.
• Rigorously scrutinizing our architecture, design, and coding practices to preemptively identify and mitigate potential vulnerabilities and threats.
• Providing guidance and instruction to development teams on the principles of secure coding, vulnerability mitigation, and adherence to the latest security best practices.
• Keeping abreast of emerging technologies and evolving standards within the cybersecurity landscape, ensuring our practices remain at the forefront of the industry.
• Contribute to Cato’s security research blog.

Requirements:

• A minimum of 3 years of dedicated experience in the field of application security.
• Proven Experience in conducting hands-on penetration tests across web, mobile, and infrastructure platforms is essential.
• Proven Experience in penetration testing and bypassing security solutions such as RBI, EDRs, DLP, etc.
• Proficiency in programming with a preference for Java, Go, and C is necessary.
• Demonstrated ability in detecting, pursuing, and resolving security flaws within open-source components that serve as third-party dependencies.
• Prior exposure to supply chain attack strategies and their countermeasures is highly beneficial.
• Practical experience with Amazon Web Services (AWS) cloud infrastructure is favorable.
• Familiarity with the architecture and management of microservices, including Docker and Kubernetes, is valuable.
• Exceptional problem-solving capabilities, coupled with autonomous work ethics and a strong sense of personal accountability.
• Effective communication abilities, coupled with a genuine enthusiasm for imparting knowledge and driving collective progress toward excellence in security.
• Understanding networking & Encryption protocols.

Additionally, candidates should possess:

• A robust understanding of network security protocols and encryption technologies.
• Experience with static and dynamic code analysis tools (SAST, DAST, etc.)
• A proven track record of working in Agile development environments and with cross-functional teams.
• Certifications such as OSCP or similar credentials that endorse one's security expertise.
• The capacity to lead security projects and initiatives, demonstrating project management skills.
• An adaptable and collaborative mindset to work effectively in a fast-paced, evolving company landscape.
• Commitment to staying informed on the latest security threats and defense mechanisms.
• Having a security blog / CVEs / Bug Bounty experience is an advantage.
• BSc in Computer Science- an advantage