Application Security Architect

Company Description Intensity Global Group (IG) is a cybersecurity technology consulting company specializing in information security, incident response, and cyber intelligence. Founded in 2008, IG focuses on identifying unknown attacks and hidden vulnerabilities using attacker-like methodologies, both inside and outside client environments. The company delivers advanced Israeli cyber technologies and services led by experienced cybersecurity researchers and experts who design, implement, and manage end-to-end security solutions. IG helps organizations detect, prevent, analyze, and respond to zero-day exploits, advanced persistent threats, ransomware, malware, and emerging threats. With offices in the USA, Australia, and its global headquarters in Israel, IG serves government, telecom, financial, defense, insurance, and global technology clients.

Role Description This is a full-time hybrid role for an Application Security Architect based in Petah Tikva/north , with flexibility for partial work from home. The Application Security Architect will design, implement, and maintain secure application architectures across cloud-native, web, and mobile environments, aligning solutions with IG and client security standards. Responsibilities include performing threat modeling, secure design reviews, and code-level security assessments, as well as defining security controls, patterns, and reference architectures. The role involves collaborating closely with development, DevOps, infrastructure, and incident response teams to embed security into the SDLC and CI/CD pipelines. The Application Security Architect will also evaluate and integrate application security tools, support security incident investigations related to applications, develop security guidelines, and mentor engineering teams on secure coding and design best practices.

Qualifications

• Strong experience in application security architecture, including threat modeling, secure design reviews, and security requirements definition for web, mobile, and cloud-native applications.
• Hands-on familiarity with secure SDLC practices, including integration of SAST/DAST/IAST, SCA, and related tooling into CI/CD pipelines.
• Solid understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, CVE, NIST, ISO 27001, PCI-DSS) and practical approaches to remediation.
• Proficiency in at least one modern programming language (such as Java, C#, JavaScript/TypeScript, Python, or Go) and experience reviewing code for security issues.
• Knowledge of cloud security principles and services in major cloud platforms (e.g., AWS, Azure, GCP), including identity, access management, and application-level controls.
• Experience working with cross-functional teams (engineering, DevOps, operations, product) and the ability to translate complex security concepts into clear technical and non-technical guidance.
• Strong analytical, problem-solving, and documentation skills, with the ability to prioritize risks and recommend actionable, pragmatic solutions.