Senior Product Security Engineer

esh is seeking a Senior Product Security Engineer to join our Cyber Security team and make a significant impact on our groundbreaking platform. In this role, you will partner cross-functionally with engineering and product teams to embed security into the DNA of our software. Beyond just identifying vulnerabilities, you will architect secure solutions, automate security testing within the SDLC, and champion a security-first culture. You will provide expert technical guidance from the initial design phase through to deployment, ensuring our products remain robust, reliable, and secure.

About Us

Hi. We are esh. A banking technology group with a goal to take the world of finance and march it to the 21st century by offering a technology banking solution that incorporates the efficiency of an automated, cloud-based banking operating system platform, enabling to dramatically reduce costs, time constraints and create a better financial environment between the bank and its customers.

In a reality where economic transactions are performed automatically and machine learning keeps developing and challenging traditional models, a new banking platform creates an alternative to outdated core systems used in banks today, and enables for the first time, a complete end to end platform under one modular system. We are creating not only a revolutionary technological change, but also a change in perception for all of us.

Responsibilities

• Partner cross-functionally with engineering and product teams to integrate security milestones throughout the entire software development lifecycle.
• Champion security education by leading workshops on secure coding and threat modeling, empowering developers to build secure software.
• Participate in vulnerability management, including reproduction and triage, ensuring all security findings are resolved and verified.
• Lead critical security initiatives, including code reviews, architectural threat modeling, and rigorous product assessments.
• Engineer and deploy automated tooling and scalable processes to minimize risk and reduce manual security overhead.
• Build and embed automated security testing into development workflows to continuously validate code integrity.
  
  

• 5+ years of experience in Application or Product Security, with a deep understanding of the Software Development Life Cycle (SDLC) and secure design principles.
• Proven track record in execution of threat modeling, architectural design reviews, and security code reviews to identify and mitigate risks early.
• Proficiency in reading and writing code in Python, Java, JavaScript, Swift, or similar languages (essential for code review and automation tasks).
• Hands-on expertise with security tooling (SAST, SCA, DAST) and penetration testing, including experience integrating these tools into CI/CD pipelines.
• Strong communication & collaboration skills: Fluent in English and Hebrew (written and spoken), with the ability to partner effectively with engineering teams and drive security culture.
  
  

• AppSec Tooling & Automation: Deep expertise in SAST, SCA, DAST, and interactive testing tools, with specific experience integrating them into CI/CD pipelines.
• Core Security Mechanisms: Solid understanding of encryption, authentication protocols, and authorization standards.
• Vulnerability Management: Comprehensive knowledge of common attack vectors (OWASP Top 10, CWE) and practical remediation strategies for web and mobile.
• Risk & Strategy: Proficiency in Threat Modeling frameworks and risk assessment methodologies to drive secure architectural design.
  
  

• Educational Background: B.Sc./M.Sc. in Computer Science, Software Engineering, or a related technical field.
• Certifications: Advanced industry credentials such as OSWE, OSCP, CISSP, CISM, or equivalent.
• Advanced Automation: Experience building custom security tools or orchestrating complex CI/CD security integrations (e.g., GitHub Actions, Jenkins, GitLab CI).
• Mobile Expertise: Specialized background in mobile application development (iOS/Android) or mobile penetration testing.
• Community Engagement: Active contributions to open source projects, tool development, or public vulnerability research.