Join Us at Allot
Job Description :
Who we are:
Allot is an industry leader in network security and visibility. A global growing company in cyber-security with a strong Tier1 customer base. We embrace an Agile way of working, priding ourselves on being fast, diverse, and dynamic. We are real team players who are ready to go the extra mile to succeed. We believe that anyone can make an impact and together our team spirit makes all the difference. This is your opportunity to develop, professionally, and personally.
What we’re looking for:
We’re looking for Application Security Expert to join our Application security (AppSec) is an integral part of Allot products’ security.
You will work closely with R&D, DevOps teams, and PMs to ensure the security, design, and architecture of our applications.
What you’ll do:
- Lead in-depth security assessments and architecture reviews.
- Review applications and source code for potential security issues and work with engineering on remediation.
- Helping manage, triage, and provide remediation guidelines for findings from various sources like penetration tests, automated scanners, etc.
- Lead Threat modeling of the application stack, including applications built on the premise, virtualized, containerized, and emerging technologies.
- Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
- Actively promote improving the security culture and education within the organization while working closely with software architects, developers, and DevOps.
What you should have:
- 5+ years of relevant work experience as an Application Security Expert.
- Experience using SAST and DAST tools for application security testing Services (work with tools like Blackduck, Xray, Veracode, SonarQube, Snyk, Aqua Security).
- Support application security reviews: Threat modeling, Application code (in-house) & dependencies (libraries, packages, etc.), Authentication & authorization flows, Application configuration, Data privacy (encryption, anonymization).
- Experience with secure coding techniques
- Experience in Cloud technologies, SaaS environments, and microservices architecture
- Deep understanding of cyber security frameworks, such as MITRE, OWASP, CWE, NIST, and others
- Ensure the provided solutions and production environment meet multiple standards, regulations, and audits such as ISO27001, CIS benchmarks, PCI-DSS, SOX, GDPR, CCPA etc.
- Hands-on experience as a Cyber security engineer with extensive knowledge in network security, Firewalls, WAF, application security, exploits and vulnerabilities, Load-Balancers, and more.
- Assist and mentor other team members for secure design, S-SDLC methodology, and DevSecOps methods
- Experience with securing cloud environments such as Azure, GCP, or AWS (AWS big advantage).
- Excellent problem-solving skills, along with the ability to work independently.
- Being able to cooperate closely with all business lines and functions of the company.
- Advanced English level - MUST
As an advantage:
- Experience with securing containerized environments and micro-services (i.e. Docker & K8S).
- Security-related certifications (CCSP, CISSP, CISM, CISA, etc.).