Senior Application Security Engineer
Indexed description
A Senior AppSec Engineer partners closely with engineering and product teams to embed security into the software development lifecycle (SDLC), proactively identify risks, and ensure secure design, development, and deployment of products.
This role is based in the Forcepoint Israel office in Tel Aviv and follows a hybrid work model, with a minimum of two days per week working from the office.
Key Responsibilities
- Secure SDLC & Design (Shift-left)
- Lead threat modeling and secure design (SxD) activities
- Define and enforce secure coding standards (e.g., OWASP Top 10)
- Partner with engineering during architecture and design phases
- Security Testing & Validation
- Perform:
- Code reviews (manual and tool-assisted)
- Static analysis (SAST)
- Dynamic testing (DAST)
- Penetration testing
- Identify, triage, and validate vulnerabilities
- Support remediation and verify fixes
- DevSecOps, Automation & AI Enablement
- Integrate security tools into CI/CD pipelines
- Automate scanning, reporting, and ticketing workflows
- Build tooling to scale AppSec across products
- Leverage AI/ML capabilities to enhance vulnerability detection, prioritization, and remediation workflows
- Risk Assessment & Vulnerability Management
- Assess risk, exploitability, and impact
- Prioritize vulnerabilities and track remediation
- Maintain security posture visibility across products
- Engineering Partnership, Mentorship & Enablement
- Work closely with developers to:
- Explain security findings to both technical and non-technical audience
- Recommend practical and effective fixes
- Provide security guidance balancing usability and security, without impacting delivery
- Deliver training and security awareness
- Provide technical mentorship to engineers and junior AppSec team members
- Security Advocacy & Communication
- Act as a security champion across R&D
- Communicate risk clearly to:
- Engineers
- Product managers
- Leadership
- Bachelor’s degree in Computer Science, Security, or equivalent experience
- 5+ years in:
- Application security
- Software engineering with a security focus
- Strong knowledge of:
- Web/application vulnerabilities (OWASP Top 10)
- Secure coding practices
- APIs, microservices, and cloud-native architectures
- Hands-on experience in threat modeling and architecture reviews
- Prior software development experience
- Strong coding skills, preferably, C++ and Java, ability to read, write, and review code effectively
- Hands-on experience with:
- ASPM, SAST, DAST, and SCA tools
- CI/CD and DevSecOps pipelines
- Advanced experience applying AI (e.g., code generation, analysis and exploitation) across secure SDLC and AppSec practices, including evaluating and mitigating security risks such as insecure code suggestions, data leakage, and supply chain exposure.
- Strong ability to:
- Explain security issues in developer-friendly terms
- Influence engineering decisions
- Collaborate cross-functionally across R&D and product teams
- Security certifications (e.g., CISSP, CSSLP, OSCP)
- Experience with cloud-native stack and Windows internal
- Experience applying AI/automation in security workflows
- Familiarity with regulatory and compliance frameworks (e.g., SOC2, ISO27001)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search