Application Security Engineer
We are looking for An Application Security Engineer to join the AppSec team at our Rehovot/Haifa sites, within the Headquarters & GO division. If you are passionate about application security, DevSecOps, and finding real vulnerabilities in complex environments — this is your opportunity to work hands-on with advanced technologies and make a real impact in a leading defense organization. In this role you will Implement and operate application security controls within CI/CD pipelines (SAST, SCA, DAST, secrets scanning) Perform application security assessments, including code reviews and vulnerability analysis Support and enforce secure SDLC (SSDLC) practices across development teams Analyze and validate vulnerabilities, reducing false positives and prioritizing real risks Work closely with developers to drive remediation and improve secure coding practices Assist in software supply chain security, including SBOM analysis and open-source risk management Integrate security findings into SIEM (Sentinel) and support detection use cases Collaborate with DevOps and R&D teams to ensure security-by-design implementation Requirements Bachelor's degree in Computer Science, Information Security, or a related field 3–5 years of experience in Application Security, Cybersecurity, or DevSecOps Strong understanding of OWASP Top 10, secure coding principles, CI/CD pipelines, and modern application architectures Hands-on experience with SAST, DAST, or SCA tools and web application testing tools (e.g. Burp Suite) Basic scripting skills (Python / Bash) Good communication skills in English Experience with JFrog Xray, Black Duck, SIEM systems (Microsoft Sentinel), API security testing, or cloud environments (AWS / Azure) - Advantage Background in penetration testing or bug bounty - Advantage *Only relevant applications will be answered