Product Security Engineer

Description

About us

Hi. We are esh. A banking technology group with a goal to take the world of finance and march it to the 21st century by offering a technology banking solution that incorporates the efficiency of an automated, cloud-based banking operating system platform, enabling to dramatically reduce costs, time constraints and create a better financial environment between the bank and its customers. 

In a reality where economic transactions are performed automatically and machine learning keeps developing and challenging traditional models, a new banking platform creates an alternative to outdated core systems used in banks today, and enables for the first time, a complete end to end platform under one modular system. We are creating not only a revolutionary technological change, but also a change in perception for all of us. 

Job Description

esh is seeking a Product Security Engineer to join our Cyber Security team. This is an exciting opportunity to make a significant impact on our groundbreaking platform. In this role, you will analyze software designs and implementations from a security perspective, identifying and resolving security issues. You will ensure that the appropriate security analysis, defenses, and countermeasures are integrated at each phase of the software development lifecycle, resulting in robust and reliable software. Additionally, you will provide expert technical guidance and hands-on validation of secure solutions during the design, development, and testing of systems supporting esh products.

Responsibilities

• Work closely with product and development teams to integrate security practices into every phase of the software development lifecycle.
• Lead workshops and training sessions on secure coding practices, threat modeling, and the use of security tooling to promote SSDLC.
• Reproduce, triage, and address product security vulnerabilities, ensuring that all issues are properly addressed and mitigated.
• Lead and participate in security code reviews, threat modeling sessions, and product security assessments.
• Build and implement security processes and automated tools to prevent vulnerabilities and streamline security efforts.
• Develop automated security testing frameworks and integrate them into our development processes to validate secure coding best practices.

Requirements

• 5+ years of experience in Application/Product Security, with a deep understanding of secure development practices.
• Hands-on experience in threat modeling, design review, and code review for security vulnerabilities.
• Experience with Python, Java, JS, Swift, or similar languages.
• Excellent communication skills: Fluent in English and Hebrew (both spoken and written), with a positive attitude and strong collaboration skills across teams.

Skills & knowledge

• Expertise in using SAST, SCA, and penetration testing tools, as well as common security libraries.
• Knowledge of encryption, authentication, and authorization mechanisms.
• Understanding of secure software development, vulnerability management, and risk mitigation strategies.
• Knowledge of common vulnerabilities, attack vectors, and countermeasures in contemporary application development.

Direct manager

Interfaces

Challenges

Advantage

• B.Sc/M.Sc. in Computer Science or a related field.
• Relevant certifications: OSWE, OSCP, CEH, CISSP, CISM, or similar credentials.
• Experience in automating security checks: Familiarity with setting up security automation in development and deployment pipelines.
• Mobile application development or penetration testing experience is a plus.
• Open source contributions: Contributions to open source projects, whether through developing security tools or addressing vulnerabilities, are highly valued.

Think you have the passion and inner fire for it? Bring it on and challenge us!

esh is proud to be an equal opportunity workplace. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital state, disability or gender identity.