Application Security
Job Description
The classic seven-layer model, developed decades ago to define and regulate the interfaces between specific hardware made by a specific manufacturer and universal applications aimed at a wide range of users, has over the years condensed into three practical "slices": hardware and its interface (commonly referred to as BIOS and drivers), services (i.e., operating system services such as disk I/O, NIC access, etc.), and applications.
Each of these "slices" presents distinct challenges to cybersecurity and information security professionals. While the challenges in securing hardware and its interfaces are significant and are handled by dedicated professionals, the other two parts, operating systems and applications, are considered the "bread and butter" of cybersecurity. Among these, the application layer poses a unique set of challenges.
Over the past decade, significant resources have been invested in cybersecurity and information security at the operating system level. Due to its relative uniformity on one hand and its wide usage on the other, this layer is addressed by numerous industry stakeholders, from manufacturers to research institutes, developers, and vulnerability researchers. In contrast, the significant diversity and vast variety of applications in the market, coupled with the need for organizations to develop secure applications, make securing the third "slice", the application layer, a particularly difficult and complex task.
Elbit Systems utilizes a wide range of commercial applications, some highly prevalent and others tailored for research, development, and testing needs. Additionally, the company extensively develops software applications both for internal use (supporting day-to-day operations) and as part of its products delivered to customers. The Head of Application Security will address a broad spectrum of cybersecurity and information security aspects related to all these types of applications.
Responsibilities
Serves as a knowledge hub and operational arm for all cybersecurity and information security aspects related to commercial and proprietary software applications.
Establishes and publishes practical guidelines for secure software development based on accepted standards and common metrics, and guides their implementation.
Advises on whether to avoid, exempt, or incorporate software libraries with known vulnerabilities, based on solid information from industry or other sources.
Defines practical rules for embedding application monitoring tools within the organization's monitoring center, to enhance visibility of applications from a cybersecurity standpoint.
Monitors developments in secure coding methodologies for endpoint applications, web applications, and cloud applications, and updates the secure coding guidelines accordingly.
Tracks application vulnerability updates published from time to time (via the GRACE division or other bodies) and guides methods to mitigate or eliminate vulnerabilities in applications, software libraries, or code extensions.
Participates in forums within the CISO group or other professional groups in the company (headquarters or divisions) that may require application security input during design or other product lifecycle stages.
Is involved in cybersecurity incidents in which the exploited vulnerability lies in the application layer of the attacked system, as determined by the CISO.
Implements commercial products, technologies, and proven methods for early analysis and detection of security weaknesses at the software code, code extension, or application level.
Adapts Elbit Systems' cybersecurity and information security policies to developments in application security.
Executes tasks and work orders assigned periodically by the head of the CISO group.