We are looking for an experienced Application Security Engineer to join us! As an Application Security Engineer, you will work as part of our security and R&D teams and collaborate with other IT professionals to ensure that our application, the product, the services, and the data are protected.
This is a full-time and onsite (hybrid-remote) role at our Tel Aviv office.
Responsibilities:
● Providing technical leadership, guidance, and direction to the DevOps, Development, and Product teams on secure code programming, based on industry best practices.
● Developing and maintaining specific documentation of application security controls, policies, and procedures and ensuring their implementation.
● Designing technical solutions to address security weaknesses.
● Analyzing system services, and spotting issues in code, infrastructure, and applications.
● Develop and implement continuous service improvements to the Application Security Management program.
● Deliver next-generation application security controls, solve technical barriers with tools and processes, and align with application teams to ensure strong adoption.
● Perform threat modeling, static and/or dynamic analysis, application security validation (negative and positive), source code review, and app PenTests to provide development guidance based on security best practices.
● Update the library of information security documentation with application standards, work instructions, and training materials.
● Develop communication plans for the enterprise security application function by partnering with business and enterprise architects.
● Conducting pilot or POC with selected vendors for threat modeling, architecture reviews, code scanning, and penetration testing.
● Collaborating with cross-functional teams and getting their cooperation.
Requirements:
● 4+ years of overall technical experience in system design, project development, and production support of large cloud-native web applications/systems.
● Secure software development framework experience and adherence to industry benchmarks (OWASP top 10, SANS top 25, MS SDL, CWE 25).
● Application penetration testing experience.
● Experience working with static/dynamic analysis tools - SAST/DAST (such as BlackDuck, SonarQube, Seeker, Coverity).
● We are looking for a self-motivated person who is flexible and will be adaptive to a very busy work environment!
● A bachelor's or master's degree in computer science, information security, or other related fields - an advantage.