Check Point Software
Head of Application Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Check Point Software
Check Point Software Technologies Ltd. is an Israeli multinational cybersecurity company founded in 1993 and headquartered in Tel Aviv, with a U.S. office in Redwood City, California. The company has operations in over 60 countries and employs nearly 7,900 people. Check Point is known for pioneering stateful inspection firewall technology and has evolved into a leader in AI-powered, cloud-delivered security platforms for enterprises, governments, and organizations worldwide. The company offers a comprehensive range of cybersecurity solutions through its Infinity Platform, which includes modular Software Blades for customizable deployment. Key offerings encompass network security, cloud security with CloudGuard, and endpoint security through Harmony. Check Point also provides additional solutions for threat prevention, web application protection, and secure access service edge (SASE/SSE). Its products are designed to protect against advanced cyber threats while ensuring performance for critical assets and networks, serving a diverse clientele that includes corporate enterprises, governments, and SMBs.
Security at Check Point Software
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Stated AppSec / DevSecOps mission: DevSecOps is an approach that integrates security into the entire application lifecycle. Our mission is to make the digital world safer by using AI-driven technology.
Developer enablement vs. gatekeeping: Check Point emphasizes shifting left early in the application lifecycle and automating scanning and testing for vulnerabilities from pre-commit to production.
Risk philosophy: They aim to protect against known and unknown risks in the cloud environment and analyze source code to determine third-party components.
Stated pain points or goals: Detect code vulnerabilities to identify secrets and misconfigurations prior to deployment and eliminate risk of malicious or compromised OSS packages without impeding workflows.
Gaps & Contradictions: Direct, public statements specifically labeling AppSec as "developer-first" versus "gatekeeping" beyond the shift-left and automation language are not publicly available.”
Security Team
Org structure & reporting line: Job posting context shows AppSec work inside R&D: "R&D | Full Time".
Key public-facing leaders: Nataly Kremer, Chief Product Officer and Head of Research and Development; David Reber, Chief Security Officer and Head of Product Security.
Key quote: Nataly Kremer is the "Chief Product Officer and Head of Research and Development".
Team size estimate (as_of:): Information not publicly available.
Active AppSec job postings (as_of:): Evidence found for at least 1 explicit AppSec job posting: "Application Security Expert" (Job Id: 24654). Additional developer-facing security / DevEx postings reference CI/CD and DevSecOps responsibilities (Job Id: 24658).
Common skill/tool patterns: "Contribute to design and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework." and "Improve CI/CD, build performance, environment provisioning, and developer workflows."
Gaps & Contradictions: Public, up-to-date team-size, detailed org chart, and direct reporting line to CISO/CTO are not published. Information not publicly available.
Key Initiatives
Security Champions Program: No Evidence Found.
"Shift Left" in practice: Check Point automates scanning and testing for vulnerabilities from pre-commit to production, detecting code vulnerabilities to identify secrets and misconfigurations prior to deployment.
Vulnerability management process: Intake sources include detecting code vulnerabilities and analyzing source code for third-party components. Triage/remediation SLAs, ticketing ownership, MTTR, or explicit Jira assignment language are not publicly available.
Secure SDLC artifacts: Job posting evidence includes responsibilities to "Contribute to design and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework." Explicit public statements listing frequency of pen tests, threat modeling cadence, or mandatory security reviews per release are not publicly available.
Recent initiatives (last 6 months): No AppSec-specific program publications found. Check Point announced AI Cloud Protect partnership/product, which is product/security offering news rather than internal AppSec program detail.
Gaps & Contradictions: Detailed triage workflows, SLA numbers, security champions program details, and explicit secure-code ceremony schedules are not publicly available.