Back to search
Cye Linkedin · Posted 14d ago

Application Security Specialist

Herzliya

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

CYE is looking for a talented Application Security Specialist to join our team. In this role, you will take an active part in application penetration testing, threat modeling, Secure SDLC activities, and AppSec initiatives that help evaluate and improve security posture. The position includes hands-on security testing of web, mobile, API, thick client, AI/LLM integrations, and MCP-based application components, identifying and validating vulnerabilities, assessing real business impact, supporting customers with clear remediation guidance, and contributing to application security processes, tools, and best practices.

Responsibilities

  • Perform hands-on application penetration testing across web, mobile, API, thick client, AI/LLM integrations, and MCP-enabled application components.
  • Perform threat modeling and secure design reviews to identify risks early in the development lifecycle.
  • Support development teams with practical remediation guidance and secure implementation recommendations.
  • Perform Secure Software Development Lifecycle and secure coding training for developers.
  • Evaluate and improve customers’ application security development lifecycle, including secure coding practices, vulnerability management, remediation workflows, and security gates.
  • Participate in client-facing discussions, including assessment scoping, finding walkthroughs, remediation alignment, and retest updates.

Qualifications

  • 2+ years of hands-on experience in application penetration testing.
  • Strong understanding of OWASP Top 10 and CWE Top 25, with proven experience identifying vulnerabilities and supporting practical remediation strategies.
  • Familiarity with high-level programming languages (Java, JS, Python, etc.).
  • Relevant App PT training and certifications such as EWPTX, OSWE, etc.
  • Strong English communication skills, with the ability to communicate technical topics clearly in client-facing discussions.
  • Advantage: Deep understanding of the LLM Top 10, AI security risks, MCP security risks, and AI/LLM hacking techniques.
  • Advantage: Proven experience in secure code review or high-level code auditing.
  • Advantage: Knowledge of Secure SDLC practices, and methodologies, including Microsoft SDL, OWASP SAMM, and OWASP ASVS.

About Us

CYE’s exposure management platform, Hyver, transforms the way security teams protect their organizations. With CRQ at its core, Hyver reveals exposure in financial terms, visualizes attack routes to critical business assets, and creates tailored mitigation plans. Founded in 2012, CYE has served hundreds of organizations globally.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent