We are looking for an experienced Application Security Engineer to join us! As an Application Security Engineer, you will work as part of our security and R&D teams and collaborate with other IT professionals to ensure that our application, the product, the services, and the data are protected.
This is a full-time and onsite (hybrid-remote) role at our Tel Aviv office.
Responsibilities:
● Providing technical leadership, guidance, and direction to the DevOps, Development, and Product teams on secure code programming, based on industry best practices.
● Developing and maintaining specific documentation of application security controls, policies, and procedures and ensuring their implementation.
● Designing technical solutions to address security weaknesses.
● Analyzing system services, and spotting issues in code, infrastructure, and applications.
● Develop and implement continuous service improvements to the Application Security Management program.
● Deliver next-generation application security controls, solve technical barriers with tools and processes, and align with application teams to ensure strong adoption.
● Perform threat modeling, static and/or dynamic analysis, application security validation (negative and positive), source code review, and app PenTests to provide development guidance based on security best practices.
● Update the library of information security documentation with application standards, work instructions, and training materials.
● Develop communication plans for the enterprise security application function by partnering with business and enterprise architects.
● Conducting pilot or POC with selected vendors for threat modeling, architecture reviews, code scanning, and penetration testing.
● Collaborating with cross-functional teams and getting their cooperation.
Requirements:
● 4+ years of overall technical experience in system design, project development, and production support of large cloud-native web applications/systems.
● Secure software development framework experience and adherence to industry benchmarks (OWASP top 10, SANS top 25, MS SDL, CWE 25).
● Application penetration testing experience.
● Experience working with static/dynamic analysis tools - SAST/DAST (such as BlackDuck, SonarQube, Seeker, Coverity).
● We are looking for a self-motivated person who is flexible and will be adaptive to a very busy work environment!
● A bachelor's or master's degree in computer science, information security, or other related fields - an advantage.