Application Security Specialist

CYE

Operations

Herzliya, Israel

Posted on Jul 1, 2026
CYE is looking for a talented Application Security Specialist to join our team. In this role, you will take an active part in application penetration testing, threat modeling, Secure SDLC activities, and AppSec initiatives that help evaluate and improve security posture. The position includes hands-on security testing of web, mobile, API, thick client, AI/LLM integrations, and MCP-based application components, identifying and validating vulnerabilities, assessing real business impact, supporting customers with clear remediation guidance, and contributing to application security processes, tools, and best practices.

Responsibilities

  • Perform hands-on application penetration testing across web, mobile, API, thick client, AI/LLM integrations, and MCP-enabled application components.

  • Perform threat modeling and secure design reviews to identify risks early in the development lifecycle.

  • Support development teams with practical remediation guidance and secure implementation recommendations.

  • Deliver Secure Software Development Lifecycle and secure coding training for developers.

  • Evaluate and improve customers’ application security development lifecycle, including secure coding practices, vulnerability management, remediation workflows, and security gates.

  • Participate in client-facing discussions, including assessment scoping, finding walkthroughs, remediation alignment, and retest updates.

Qualifications

  • 2+ years of hands-on experience in application penetration testing.

  • Strong understanding of OWASP Top 10 and CWE Top 25, with proven experience identifying vulnerabilities and supporting practical remediation strategies.

  • Familiarity with high-level programming languages (Java, JS, Python, etc.).

  • Relevant application penetration testing training and certifications such as eWPTX, OSWE, etc.

  • Strong English communication skills, with the ability to communicate technical topics clearly in client-facing discussions.

  • Advantage: Deep understanding of the LLM Top 10, AI security risks, MCP security risks, and AI/LLM hacking techniques.

  • Advantage: Proven experience in secure code review or high-level code auditing.

  • Advantage: Knowledge of Secure SDLC practices and methodologies, including Microsoft SDL, OWASP SAMM, and OWASP ASVS.

About us
CYE’s exposure management platform, Hyver, transforms the way security teams protect their organizations. With CRQ at its core, Hyver reveals exposure in financial terms, visualizes attack routes to critical business assets, and creates tailored mitigation plans. Founded in 2012, CYE has served hundreds of organizations globally.