Application Security Specialist
Operations
Herzliya, Israel
Responsibilities
Perform hands-on application penetration testing across web, mobile, API, thick client, AI/LLM integrations, and MCP-enabled application components.
Perform threat modeling and secure design reviews to identify risks early in the development lifecycle.
Support development teams with practical remediation guidance and secure implementation recommendations.
Deliver Secure Software Development Lifecycle and secure coding training for developers.
Evaluate and improve customers’ application security development lifecycle, including secure coding practices, vulnerability management, remediation workflows, and security gates.
Participate in client-facing discussions, including assessment scoping, finding walkthroughs, remediation alignment, and retest updates.
Qualifications
2+ years of hands-on experience in application penetration testing.
Strong understanding of OWASP Top 10 and CWE Top 25, with proven experience identifying vulnerabilities and supporting practical remediation strategies.
Familiarity with high-level programming languages (Java, JS, Python, etc.).
Relevant App PT training and certifications such as EWPTX, OSWE, etc.
Strong English communication skills, with the ability to communicate technical topics clearly in client-facing discussions.
Advantage: Deep understanding of the LLM Top 10, AI security risks, MCP security risks, and AI/LLM hacking techniques.
Advantage: Proven experience in secure code review or high-level code auditing.
Advantage: Knowledge of Secure SDLC practices and methodologies, including Microsoft SDL, OWASP SAMM, and OWASP ASVS.