Application Security Engineer (24500)

Who we are:

Yael Group is a leading technology solutions provider in the Israeli market, delivering advanced and innovative IT services to organizations across diverse industries.

Job Description:

• Leading and guiding development and QA teams in the Digital Space project, from requirements definition through go-live, ensuring compliance with technological, architectural, regulatory, and especially security standards
• Providing solutions to complex information security challenges throughout development, integration, and implementation of new and existing systems
• Implementing Secure SDLC principles and methodologies and supporting development teams in their adoption
• Evaluating and recommending new technologies and tools that support the project’s and the bank’s information security objectives
• Active involvement in planning and designing system architecture within the Digital Space project, with emphasis on cloud solutions (Azure/GCP) and hybrid environments, ensuring Security by Design
• Participating in communication approval processes, provisioning components and resources in cloud and on-prem environments, and defining secure infrastructure configurations
• Working closely with infrastructure, information security, and DevSecOps teams to ensure reliable, secure, and high-performance solutions
• Deep understanding of code scanning tools (SAST/DAST) and additional tools integrated into CI/CD processes (such as Checkmarx, Sentinel, XRay)
• Providing guidance on DevSecOps practices, including defining security policies, secrets management, and implementing best practices in development and production environments

Job Requirements:

• At least 3 years of experience in software development / technological guidance / architecture, with proven specialization in Application Security within an Enterprise environment
• Proven experience working on large-scale, multi-interface projects
• Extensive experience in development and/or guidance in cloud environments (GCP, Azure) – mandatory
• Understanding and hands-on experience with DevOps and DevSecOps, including CI/CD, automation, and version control (Git)
• In-depth familiarity and experience with code scanning tools (SAST/DAST) and additional security tools integrated into CI/CD processes (e.g., Checkmarx, Mend, Sentinel, XRay, CX)
• Familiarity with platforms such as Jenkins, GitAction, GitLab CI, Azure DevOps, Artifactory/Nexus, K8S, GKE, OCP
• Development experience (Python, Java, .NET, etc.) – significant advantage, demonstrating deep understanding of code and vulnerabilities
• Proven knowledge and experience in Application Security and secure development methodologies (OWASP Top 10, SANS Top 25)
• Advantage – experience in PT (Penetration Testing)
• Ability to lead and provide technological and security guidance to teams
• Ability to work independently and collaboratively, with strong interpersonal communication skills and the ability to work across multiple interfaces (Development, QA, Infrastructure, Cyber)
• Fast self-learning ability and capability to adapt to new technologies
• Bachelor’s degree in Computer Science / Software Engineering / Information Systems or a related field – significant advantage