Application Security Engineer
Elbit Systems
Posted on May 14, 2026
We are looking for
An Application Security Engineer to join the AppSec team at our Rehovot/Haifa sites, within the Headquarters & GO division. If you are passionate about application security, DevSecOps, and finding real vulnerabilities in complex environments — this is your opportunity to work hands-on with advanced technologies and make a real impact in a leading defense organization.
In this role you will
Implement and operate application security controls within CI/CD pipelines (SAST, SCA, DAST, secrets scanning)
Perform application security assessments, including code reviews and vulnerability analysis
Support and enforce secure SDLC (SSDLC) practices across development teams
Analyze and validate vulnerabilities, reducing false positives and prioritizing real risks
Work closely with developers to drive remediation and improve secure coding practices
Assist in software supply chain security, including SBOM analysis and open-source risk management
Integrate security findings into SIEM (Sentinel) and support detection use cases
Collaborate with DevOps and R&D teams to ensure security-by-design implementation
Requirements
Bachelor's degree in Computer Science, Information Security, or a related field
3–5 years of experience in Application Security, Cybersecurity, or DevSecOps
Strong understanding of OWASP Top 10, secure coding principles, CI/CD pipelines, and modern application architectures
Hands-on experience with SAST, DAST, or SCA tools and web application testing tools (e.g. Burp Suite)
Basic scripting skills (Python / Bash)
Good communication skills in English
Experience with JFrog Xray, Black Duck, SIEM systems (Microsoft Sentinel), API security testing, or cloud environments (AWS / Azure) - Advantage
Background in penetration testing or bug bounty - Advantage
*Only relevant applications will be answered
#Haifa
An Application Security Engineer to join the AppSec team at our Rehovot/Haifa sites, within the Headquarters & GO division. If you are passionate about application security, DevSecOps, and finding real vulnerabilities in complex environments — this is your opportunity to work hands-on with advanced technologies and make a real impact in a leading defense organization.
In this role you will
Implement and operate application security controls within CI/CD pipelines (SAST, SCA, DAST, secrets scanning)
Perform application security assessments, including code reviews and vulnerability analysis
Support and enforce secure SDLC (SSDLC) practices across development teams
Analyze and validate vulnerabilities, reducing false positives and prioritizing real risks
Work closely with developers to drive remediation and improve secure coding practices
Assist in software supply chain security, including SBOM analysis and open-source risk management
Integrate security findings into SIEM (Sentinel) and support detection use cases
Collaborate with DevOps and R&D teams to ensure security-by-design implementation
Requirements
Bachelor's degree in Computer Science, Information Security, or a related field
3–5 years of experience in Application Security, Cybersecurity, or DevSecOps
Strong understanding of OWASP Top 10, secure coding principles, CI/CD pipelines, and modern application architectures
Hands-on experience with SAST, DAST, or SCA tools and web application testing tools (e.g. Burp Suite)
Basic scripting skills (Python / Bash)
Good communication skills in English
Experience with JFrog Xray, Black Duck, SIEM systems (Microsoft Sentinel), API security testing, or cloud environments (AWS / Azure) - Advantage
Background in penetration testing or bug bounty - Advantage
*Only relevant applications will be answered
#Haifa