Application Security Product Analyst

Come join the company that is reinventing cloud security and empowering businesses to thrive in the cloud. As the fastest-growing startup ever, Wiz is on a mission to help organizations secure cloud environments that will accelerate their businesses. Trusted by security teams all over the world, we have a proven track record of success and a culture that values world-class talent.

Our Wizards from over 20 countries work together to protect the infrastructure of our hundreds of customers, including over 50% of the Fortune 100, who trust us to scan and secure over 230 billion files daily. We’re the leading player in a massive and growing market, but it’s still early enough for you to make a significant impact. At Wiz, you’ll have the freedom to think creatively, dream big, and use your full range of skills to contribute to our record growth. Come join our team and help us create secure cloud environments that allow the best companies to move faster.

Summary

We're looking for a Application Security Product Analyst to join our Product team and spread the power of Wiz. In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent. You will bridge the gap between automated AI testing and security policy, defining the "rules of engagement" for our agents and ensuring they effectively simulate sophisticated attacks while maintaining operational safety.

What You’ll Do

• Oversee the daily deployment, health, and operation of DAST and penetration testing capabilities to ensure optimal scanning across diverse customer environments.
• Develop and maintain attack policies and rules by creating and fine-tuning the logic that defines how the system identifies, prioritizes, and exploits vulnerabilities.
• Analyze and validate findings by reviewing complex attack paths to reduce false positives and improve the core logic's performance.
• Research novel attack vectors and emerging web/API threats to translate new techniques into executable behaviors for the DAST engine.
• Collaborate on product evolution with R&D and Product teams, using operational insights to drive feature requests and continuous improvement.
  
  

What You’ll Bring

• Over 2 years of DAST and penetration testing expertise, including hands-on experience in application security or operating enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
• Proven ability in security rule and policy development, specifically in writing custom scripts or signatures to translate vulnerability classes into detection rules.
• Technical proficiency in web protocols and API standards, with a strong command of HTTP/S, REST, GraphQL, and authentication mechanisms like OAuth and SAML.
• Proficiency in scripting languages such as Python, Go, or JavaScript to automate tasks and interact with the codebase.
• An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
  
  

BONUS POINTS

• Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
• SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
• A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.
  
  

By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy and that you consent to the retention of your application for consideration for future opportunities at Wiz.

Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship. This role does not offer visa sponsorship.

Wiz is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy.