Application Security Engineer

We are looking for

An Application Security Engineer to join the AppSec team at our Rehovot/Haifa sites, within the Headquarters \& GO division. If you are passionate about application security, DevSecOps, and finding real vulnerabilities in complex environments — this is your opportunity to work hands-on with advanced technologies and make a real impact in a leading defense organization.

In this role you will

Implement and operate application security controls within CI/CD pipelines (SAST, SCA, DAST, secrets scanning)

Perform application security assessments, including code reviews and vulnerability analysis

Support and enforce secure SDLC (SSDLC) practices across development teams

Analyze and validate vulnerabilities, reducing false positives and prioritizing real risks

Work closely with developers to drive remediation and improve secure coding practices

Assist in software supply chain security, including SBOM analysis and open-source risk management

Integrate security findings into SIEM (Sentinel) and support detection use cases

Collaborate with DevOps and R\&D teams to ensure security-by-design implementation

Requirements

Bachelor's degree in Computer Science, Information Security, or a related field

3–5 years of experience in Application Security, Cybersecurity, or DevSecOps

Strong understanding of OWASP Top 10, secure coding principles, CI/CD pipelines, and modern application architectures

Hands-on experience with SAST, DAST, or SCA tools and web application testing tools (e.g. Burp Suite)

Basic scripting skills (Python / Bash)

Good communication skills in English

Experience with JFrog Xray, Black Duck, SIEM systems (Microsoft Sentinel), API security testing, or cloud environments (AWS / Azure) - Advantage

Background in penetration testing or bug bounty - Advantage

*Only relevant applications will be answered

#Haifa