Product Security Architect

About us

Esh is an innovative banking technology group dedicated to modernizing finance by offering an efficient, automated, cloud-based banking platform. Our solution significantly reduces costs and time, fostering an improved financial experience between banks and their customers.

In an era of automated economic transactions and rapidly evolving machine learning, our novel banking platform presents a compelling alternative to outdated core systems. For the first time, we offer a complete end-to-end solution within a unified modular system. We are driving a technological revolution and reshaping the future of banking. Providing a Cloud base system, Deployed in AWS (multi-region, multi-AZ), our infrastructure must meet the highest standards of availability, security, compliance, and recoverability.

Join our groundbreaking technology company and be part of transforming the banking system.

Description

We are looking for a Product Security Architect to join our Cyber Security team and make a significant impact on our groundbreaking platform. In this role, you will partner cross-functionally with engineering and product teams to embed security into the DNA of our software. Beyond just identifying vulnerabilities, you will architect secure solutions, automate security testing within the SDLC, and champion a security-first culture. You will provide expert technical guidance from the initial design phase through to deployment, ensuring our products remain robust, reliable, and secure.

Responsibilities

• Partner cross-functionally with engineering and product teams to integrate security milestones throughout the entire software development lifecycle.
• Champion security education by leading workshops on secure coding and threat modeling, empowering developers to build secure software.
• Participate in vulnerability management, including reproduction and triage, ensuring all security findings are resolved and verified.
• Lead critical security initiatives, including code reviews, architectural threat modeling, and rigorous product assessments.
• Engineer and deploy automated tooling and scalable processes to minimize risk and reduce manual security overhead.
• Build and embed automated security testing into development workflows to continuously validate code integrity.

Requirements

• 5+ years of experience in Application or Product Security, with a deep understanding of the Software Development Life Cycle (SDLC) and secure design principles.
• Proven track record in execution of threat modeling, architectural design reviews, and security code reviews to identify and mitigate risks early.
• Proficiency in reading and writing code in Python, Java, JavaScript, Swift, or similar languages (essential for code review and automation tasks).
• Hands-on expertise with security tooling (SAST, SCA, DAST) and penetration testing, including experience integrating these tools into CI/CD pipelines.
• Strong communication & collaboration skills: Fluent in English and Hebrew (written and spoken), with the ability to partner effectively with engineering teams and drive security culture.

Skilles & Knowledge:

• AppSec Tooling & Automation: Deep expertise in SAST, SCA, DAST, and interactive testing tools, with specific experience integrating them into CI/CD pipelines.
• Core Security Mechanisms: Solid understanding of encryption, authentication protocols, and authorization standards.
• Vulnerability Management: Comprehensive knowledge of common attack vectors (OWASP Top 10, CWE) and practical remediation strategies for web and mobile.
• Risk & Strategy: Proficiency in Threat Modeling frameworks and risk assessment methodologies to drive secure architectural design.

Advantage:

• Educational Background: B.Sc./M.Sc. in Computer Science, Software Engineering, or a related technical field.
• Certifications: Advanced industry credentials such as OSWE, OSCP, CISSP, CISM, or equivalent.
• Advanced Automation: Experience building custom security tools or orchestrating complex CI/CD security integrations (e.g., GitHub Actions, Jenkins, GitLab CI).
• Mobile Expertise: Specialized background in mobile application development (iOS/Android) or mobile penetration testing.
• Community Engagement: Active contributions to open source projects, tool development, or public vulnerability research.

If you are up to the challenge of disrupting the banking industry - we are looking for you!

esh is proud to be an equal-opportunity workplace. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital state, disability, or gender identity.