Application Security Engineer

Responsibilities Integrate security tools (SAST, DAST, SCA, secret scanning) into CI/CD pipelines using GitHub Actions, Jenkins, and related DevOps tooling Lead threat modeling and secure architecture reviews for new features, APIs, and blockchain systems Conduct smart contract security reviews and advise on cryptographic and wallet security patterns Coordinate penetration tests, manage bug bounty reports, and track remediation through development teams Build reusable security components, libraries, and developer-friendly guardrails Deliver internal training, build a security champion network, and drive adoption of AppSec best practices Produce security metrics, documentation, and audit evidence to support FFIEC, PCI DSS, SOC 2 compliance Stay current on evolving threats in blockchain, DeFi, GenAI, and supply-chain ecosystems Native-level fluency in both English and Hebrew (written and verbal)—Must 7+ years in software or security engineering, including 5+ in application security roles Strong coding skills in a modern language (e.g., JavaScript/TypeScript, Python, Go, Java, C#) Deep experience securing cloud-native applications and APIs in AWS, Azure, or similar environments Hands-on experience with blockchain platforms—smart contract audits, key management, or custody Familiarity with modern DevSecOps pipelines and AppSec tooling (SAST, SCA, IaC scanners) Working knowledge of PCI DSS, NIST, OWASP ASVS, and other security frameworks Excellent problem-solving and communication skills, with the ability to influence engineers and leadership