Application Security Engineer

Required Application Security Engineer
What You Will Do
As an Application Security Engineer, you will act as a bridge between offensive security and engineering teams. You will leverage your penetration-testing mindset to proactively improve the security of applications throughout their lifecycles. This includes partnering with developers to identify and remediate vulnerabilities, contributing to secure design decisions, participating in threat modeling, and conducting security reviews. You will help build scalable, repeatable security practices that reduce risk across the product.
Responsibilities:
Validating and prioritizing vulnerabilities from PTs, bug bounties, and tools
Collaborating with engineering teams on remediation
Participating in application security reviews
Supporting Secure Software Development Lifecycle (SSDLC)
Managing and using SAST, DAST, and SCA tools
Developing security standards and best practices.

דרישות:

2-3 years of experience in Application Security, with a strong background in secure application design, vulnerability analysis, and risk assessment.
Past experience as a Penetration Tester (Web and APIs), including extensive manual testing (not tool-only).
Strong ability to read, understand, and reason about code, especially in C# and JavaScript.
Deep understanding of OWASP Top 10 and OWASP Top 10 for LLM Applications.
Solid knowledge of OWASP ASVS (Application Security Verification Standard) and its practical application in security reviews.
Proven experience conducting application security reviews, including threat modeling and secure design validation (advantage).
Strong communication skills with developers, including the ability to explain security findings, risks, and remediation clearly and pragmatically.
Familiarity with cloud environments such as AWS, Azure, or GCP, including common security pitfalls.
Experience with bug bounty programs and/or Red Team activities (advantage).