Application Security Engineer (392)

Job Description:
Provide end-to-end guidance for technology projects on application security aspects, from initiation to production, while defining security policies.
Draft security guidelines for development teams to ensure secure coding practices, address vulnerabilities and security gaps in development and production environments and implement technological security solutions in application domains.
Collaborate in designing secure architectures aligned with company policies.
Identify application-level security gaps and define required controls.
Monitor and ensure compliance with cybersecurity risk management directives issued by the regulatory authority, organizational procedures, and security guidelines for various business and technology units.
Support application security assessments, including scope definition, validation of findings, and oversight of remediation efforts to close exposures.
Draft requirement documents for security products and innovative technologies.

דרישות:

Proven experience in managing information security projects.
Employment history in large organizations.
Experience in risk management and security controls.
Solid understanding of information systems and security standards, regulations, and procedures.
Full proficiency in Application Security domains and secure development methodologies.
Experience working with development and infrastructure teams.
Hands-on experience in API Management and API Security (e.g., APIGEE, DataPower, etc.).
In-depth knowledge of cloud technologies and cloud-native applications, with emphasis on Containers, Kubernetes (K8s), Serverless, etc.
Practical experience with CI/CD systems, GIT tools, code and version management repositories, and Infrastructure as Code (IaC) implementation.
Hands-on experience implementing security tools such as CWPP, SAST, DAST, OSS, etc.
Strong familiarity with OWASP Top 10.
Proven knowledge in Mobile Security.
Experience with Threat Modeling. המשרה מיועדת לנשים ולגברים כאחד.