Application Security Analyst

Who are we?

Checkmarx is the leader in application security, ensuring that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies, including Siemens, Airbus, Salesforce, Stellantis, Adidas, Walmart, and Sanofi.

What are we looking for?

The Checkmarx Security Research group seeks an experienced, detail-oriented Application Security Analyst to join our team in Israel. Your role will include an in-depth understanding of vulnerabilities and how they occur in the code, from open-source libraries to proprietary code, and involvement with the whole security research group. On one hand, you will get familiar with our family of security products, such as SAST, DAST, SCA, SCS, and others. On the other hand, your work can include some scripting tasks for automating and improving processes, researching and supporting the development of new Product features, identifying 0-day vulnerabilities, and keeping up-to-date with the latest Application Security trends.

Apart from the Security Research group, you will collaborate with multiple Teams, including Product Management, R&D, and many others.

If you are passionate about security and enthusiastic about product-related matters and technical management, we are looking for you!

How will you make an impact?

• Assist the SCA analysts in conducting vulnerability analysis of known open-source software vulnerabilities to identify affected libraries and other elements, such as the affected vulnerable code.
• Analyze code containing various security risks & vulnerabilities written in multiple languages/frameworks.
• Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines.
• Supervise the technical components and collaborate with the required teams.
• Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements.
• Research ways to improve internal processes and promote relevant Product features.
• Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics.
• Develop Python scripts and tools for research purposes and automation.
• Research and discover 0-day vulnerabilities in open-source libraries.
  
  

• Passionate about security and keen on growing in the security field.
• 1-2 years of experience as an analyst or researcher.
• 1-2 years of experience in a similar role in the security field.
• Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices.
• Have a deep understanding of the OWASP Top 10.
• Experience with Python scripting/programming.
• Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently.
• Basic experience in conducting security research, bug bounties, and Pentesting.
• Optional: Knowledge in Observability/Monitoring tools such as Elastic, Kibana, Power BI, etc.
• Excellent writing and oral presentation skills in English.
• Ability to handle multiple requests and work in a fast-paced environment.
• Excellent organizational, interpersonal, and communication skills. The ability to innovate, think creatively, and pay close attention to details is essential in this position.
• Customer-oriented mindset and driven by innovation.
• A degree or certification in a relevant field – an advantage.