דרושים » אבטחת מידע וסייבר » AppSec Engineer

we are an AI-first tech company in the automotive space with hubs across the US and Israel. Our mission is to constantly disrupt the industry by creating new, groundbreaking technologies to help dealers build stronger, more resilient businesses. Our work happens in the fast lane as we work to bring AI and data -driven solutions to a quickly evolving industry. Our team at our company is made up of curious and creative individuals who are always looking to achieve the impossible. We are bold, collaborative, and goal driven, and, at our core, we believe every voice has value and can impact our bottom line. We are looking for an AppSec Engineer to join our team and make a real impact on our Secure Software Development Lifecycle! As an AppSec Engineer your mission will be to be the driving force behind our secure development lifecycle. You wont just find bugs; you will help build the systems that prevent them. You will have the opportunity to help navigate the "Agentic Era" by building autonomous security guardrails, securing LLM-based workflows, and empowering developers to move fast without breaking security. This is a mid-level role reporting to the AppSec Architect and can be based out of our Tel-Aviv or Jerusalem offices.
What you will be responsible for:
Build & automate: Develop and maintain internal security tooling, automated workflows, and AI security agents. Code integrity: Execute secure code reviews and provide actionable remediation guidance to engineering teams. Vulnerability management: Lead the tracking, triaging, and reporting of security flaws across all product lines. Best practice advocacy: Drive the adoption of secure coding standards, partnering with R&D and DevOps teams to embed security early and often. Extend our D&R capabilities: Build scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents. Document: Draft requirement documents for security products and innovative technologies.
The top candidate will also have:

* Endless curiosity and passion for emerging technology
* Ability to handle prioritize and execute multiple tasks simultaneously.
* Ability to work collaboratively across multiple departments.
* Fluent in Hebrew & English - ability to lead meetings and present.
* Strong communication and collaboration skills.
Why you should join us:

* Family-friendly environment and flexible working hours.
* Our global team is made up of awesome forward thinking, innovative go-getters.
* Learning and growth opportunities within a fast-paced tech startup environment.
* Clear career advancement path for strong performers.
* We are committed to setting each other up for success. As a member of our team, you will work within an environment that encourages growth, initiative taking and continuous mutual feedback in order to reach your full potential.
* And of course, Cibus and lots of yummy treats in the kitchen:-)

We are looking for an Application Security Engineer to join our Security Engineering team.

What you will be doing:

As an Application Security Engineer , you will play a critical role in ensuring our software applications are secure by design and resilient against evolving threats. You will collaborate closely with development, DevOps, and product teams to embed security throughout the SSDLC and drive secure coding practices.

Conduct security assessments, penetration tests, and code reviews across web, mobile, and cloud applications.

Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using platforms like Azure DevOps, GitHub Actions.

Design and enforce secure coding standards and SSDLC policies.

Collaborate with developers to remediate vulnerabilities and provide inline guidance during PR reviews.

Lead threat modeling and architecture reviews for new features and services.

Manage secrets, access controls, and data confidentiality assurance across applications.

Monitor public exposure of cloud resources and enforce Azure policies to prevent misconfigurations.

Participate in incident response and forensic analysis for application-related security events.

Deliver security awareness training and documentation for engineering teams.

Maintain up-to-date knowledge of OWASP Top 10, secure coding techniques, and emerging threats.

The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Leader / Program Manager, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

We are seeking a Security Operations Engineer to join our Security team, reporting to the CIO. This is a hands-on role where you will design and operate security infrastructure, lead cloud security initiatives, and rethink our security architecture. You'll build AI-powered solutions to automate security triage and response, while partnering cross-functionally with DevOps, IT, and Engineering teams to drive security outcomes across the organization.
What you will do :
Design, implement, and operate security monitoring capabilities using a SIEM platform to detect, analyze, and respond to threats in real time. Deploy and manage EDR, DLP, CSPM, and other security controls across the environment.
Build and maintain cloud security architectures, ensuring strong IAM, network segmentation, encryption, and a zero-trust approach across all cloud deployments.
Continuously evaluate and evolve the security architecture and defense in depth strategy. Integrate tools and systems across the stack to enable unified telemetry, seamless data flow, and automated response actions.
Develop AI powered agentic solutions and operational automations using n8n. Use Infrastructure as Code to automate deployment, configuration management, and ongoing lifecycle operations for security infrastructure.
Create and tune detection rules, build log ingestion pipelines, and conduct proactive threat hunting. Lead monitoring, investigation, and remediation efforts using structured DFIR methodologies.
Embed security into CI/CD pipelines and broader DevSecOps workflows. Partner with DevOps, IT, and Engineering teams to integrate security into day to day operations and technical decision making.
Implement and maintain controls aligned with HIPAA, HITRUST, and SOC 2 requirements. Perform security assessments for vendors, SaaS platforms, and internal applications.

Were looking for a Staff Application Security Engineer to join our IT and Security team. This role is ideal for a hands-on security professional who is passionate about working closely with engineering teams to design secure software, fix vulnerabilities, and promote a culture of security across the organization.
Youll be responsible for shaping and owning our Secure Software Development Lifecycle (SSDLC), managing security tooling, and leading the assessment of application and API security across our products and services.
Here are a few of the things you will do:
Collaborate directly with engineering teams to define remediation strategies, track implementation, and validate security fixes across the application stack.
Design, implement, and drive SSDLC practices across the company-from security design reviews and threat modeling to proactive triaging in production.
Conduct threat modeling, architecture reviews, and security assessments of cloud-based applications and services, including those leveraging emerging technologies.
Manage our bug bounty program, validating reports and coordinating response and resolution.
Own and operate our suite of AppSec tools including SAST, ASPM, and other security scanners-triaging findings, prioritizing issues, and guiding engineering toward resolution.
Review source code and applications to identify vulnerabilities and collaborate with dev teams on remediation.
Act as the point of contact for findings from penetration tests, automated scanners, and external assessments, helping manage triage and ensure timely fixes.
Continuously research and stay current with application security trends, frameworks, vulnerabilities, and best practices.
Promote a strong security culture across by educating and enabling engineers, architects, and DevOps teams to build secure software from the ground up.

We are looking for an experienced Security Engineer to join our security operations team with a strong focus on detection and response.

This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.



What You Will Do:

Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.

Build and maintain an effective and scalable security monitoring infrastructure solution.

Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.

Triage alerts and drive security incidents to closure while reducing their potential impact .

Build processes and workflows to triage security alerts and respond to real incidents.

Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.

Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.

Contribute to strategy, risk management, and prioritization for all efforts around detection and response.

Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.

Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.

Shape the Future of Cybersecurity with Us Are you driven by deep curiosity, bold innovation, and the desire to transform cutting-edge AI research into real-world cybersecurity impact? Join Cynet, an established yet rapidly growing cybersecurity startup, where you’ll help build next-generation AI-powered security products from the ground up. You’ll be part of a small, elite, cross-disciplinary team working closely with security researchers, R&D engineers, data engineers, and product leaders.
Here, you’re not just joining a company, you’re stepping into a place where you can envision, build, and deploy foundational AI technologies that protect organizations worldwide. You will have the rare opportunity to drive innovation end-to-end, shape our future technology, and create AI systems that make a real difference in defending against modern cyber threats.
This is a role for someone who wants to put their soul into their craft, someone hungry to learn fast, experiment boldly, and turn ambitious ideas into production-ready AI solutions.

What will you do:

* Drive innovation by combining deep security research with modern AI techniques to build impactful, customer-facing security capabilities.
* Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis.
* Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end.
* Engineer and implement core parser and model components in C++ and Python to seamlessly integrate into the Cynet Endpoint Agent and platform infrastructure.
* Use Cynet’s ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models.
* Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions.

About Us:
Cynet is a leader in threat detection and response, designed to simplify security for organizations of all sizes. Our mission is to empower lean security teams and their partners with an AI-powered, unified platform that autonomously detects, protects, and responds to threats - backed by 24×7 security experts. With a Partner First mindset , we focus on helping customers and partners stay protected, operate confidently, and achieve their goals. Our vision is to give every organization true cybersecurity peace of mind, providing fast, accurate protection without the noise or complexity.
This role follows a hybrid work model in countries where Cynet has offices (Israel, USA), while being fully remote in England, Poland, Italy, and Germany.

As an Application Security Engineer, you will act as a bridge between offensive security and engineering teams. You will leverage your penetration-testing mindset to proactively improve the security of applications throughout their lifecycles. This includes partnering with developers to identify and remediate vulnerabilities, contributing to secure design decisions, participating in threat modeling, and conducting security reviews. You will help build scalable, repeatable security practices that reduce risk across the product.
Responsibilities
Validating and prioritizing vulnerabilities from PTs, bug bounties, and tools
Collaborating with engineering teams on remediation
Participating in application security reviews
Supporting Secure Software Development Lifecycle (SSDLC)
Managing and using SAST, DAST, and SCA tools
Developing security standards and best practices.

Were looking for driven and talented people like you to join our R&D team and our mission to change the future of cloud security. Ready to dive in and swim with our pod?
Highlights:
High-growth: Over the past seven years, weve consistently achieved milestones that take other companies a decade or more. During this time, weve significantly grown our employee base, expanded our customer reach, and rapidly advanced our product capabilities.
Disruptive innovation: Our founders saw that traditional security didnt work for the cloud, so they set out to carve a new path. Were relentless pioneers who invented agentless technology and continue to be the most comprehensive and innovative cloud security company.
Well-capitalized: With a valuation of $1.8 billion, we are a cybersecurity unicorn dominating the cloud security space. Were backed by an impressive team of investors such as Capital G, ICONIQ, GGV, and SVCI, a syndicate of CISOs who invest their own money after conducting their due diligence.
Respectful and transparent culture: Our executives pride themselves on being accessible to everyone and believe in sharing knowledge with the employees. Each employee has a place in shaping the future of our industry.
About the role
We are in the process of crafting a dynamic, captivating, and rapidly evolving product that is reshaping the landscape of cloud security. As we expand, we are actively seeking individuals who are not only talented but also highly motivated, adept at multitasking, and proven team players to join our ranks. Our team consists of inspirational top-tier professionals dedicated to pioneering a paradigm shift in cloud security practices. We are deeply passionate about staying at the forefront of cutting-edge technology trends and are committed to integrating these innovations into our product. In this role, you will assume the pivotal position of lead developer, entrusted with spearheading the creation of innovative software products.
On a typical day youll:
Write clean, concise code that is stable, extensible, and unit-tested appropriately
Lead technical designs and implement new features end to end
Diagnose complex issues, evaluate, recommend and execute the best solution
Implement new requirements within our Agile delivery methodology while following our established architectural principles
Test software to ensure proper and efficient execution and adherence to business and technical requirements
Write code that meets the production requirements and design specifications and anticipate potential errors/issue
Provides input into the architecture and design of the product; collaborating with the team in solving problems the right way
Develop expertise of AWS, Azure, and GCP products and technologies.

We're looking for a Security Engineer - Product to spread our power. The ideal candidate will have experience performing security reviews, vulnerability management, and detection and response operations in cloud-native environments. Youll get to collaborate with our software development and DevOps teams to secure our products, CI/CD infrastructure, and production infrastructure. Youll also have the opportunity to influence our product roadmap to assess, monitor, and harden our environments.
WHAT YOULL DO
Lead threat modeling and security review exercises across our production and CI/CD environments - identifying and mitigating risks in our products and the cloud services that support them
Drive vulnerability management and remediation efforts - prioritizing issues, implementing mitigations, and designing strategic preventative controls
Extend our detection and response capabilities - building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
Collaborate with our Federal team - extending our DevSecOps and Product Security practices to our FedRAMP environment and ensure it meets key security requirements
Build deep functional partnerships with our engineering and operations teams - helping them deliver secure-by-design solutions.