Senior Application Security Engineer

SysAid

Posted on Jun 21, 2026

Description

SysAid is a global leader in AI-powered IT Service Management (ITSM), building smart platforms that automate IT support and help organizations work faster and smarter. Our solutions are trusted by thousands worldwide, making complex tasks simple so IT teams can focus on what matters most.

We're seeking a Senior Application Security Engineer who comes from a genuine software engineering background - someone who has designed, written, shipped, and maintained production code and then moved into security (or wants to formalize that move). You'll join the CISO organization as the security backbone of our R&D engine: owning the Secure SDLC end-to-end, embedding security into every stage of development, and partnering with R&D, DevOps, Architecture, and Product so that every line of code and every feature we ship - including our AI capabilities - meets the highest security standards.

This is a high-impact, hands-on role reporting directly to the CISO, with a clear growth path to AppSec Lead and exposure to GRC, cloud, and AI security.

What You’ll Do

Secure SDLC & Application Security

  • Own and continuously evolve SysAid's Secure SDLC (SSDLC), integrating security gates from design to deployment.
  • Lead threat modeling (STRIDE / PASTA / attack trees) for new features, architectural changes, and AI components.
  • Perform and oversee secure code reviews, design reviews, and security architecture reviews — and pair directly with developers on remediation, reference fixes, and reusable secure patterns / "paved-road" libraries.
  • Manage and operate the SAST, DAST, IAST, SCA, and secret-scanning stack; tune rules, triage findings, drive remediation, and reduce noise.
  • Define and enforce AppSec policies, secure-coding guidelines, and standards aligned with OWASP Top 10, ASVS, and SAMM.
  • Software supply-chain security: SBOM generation/analysis, open-source component risk, and dependency hygiene across R&D.

Vulnerability Management & External Testing

  • Manage external pentest vendors and the bug-bounty / vulnerability-disclosure program; triage, validate, and prioritize findings (you orchestrate and remediate — you don't need to be the one running the pentests).
  • Drive end-to-end vulnerability management for product assets: SLA tracking, root-cause analysis, and remediation partnership with R&D.
  • Define and track AppSec metrics: mean-time-to-remediate, vulnerability density, security-debt trends.
  • Serve as a technical resource during application security incidents.

AI Security

  • Lead SysAid's AI/LLM security program: threat modeling for AI features, prompt-injection defenses, model-abuse prevention, data-leakage controls, agentic-AI risk.
  • Apply OWASP Top 10 for LLM Apps, MITRE ATLAS, NIST AI RMF, and ISO 42001 principles.
  • Define safe-usage guardrails for AI development tools (Claude, Gemini, Copilot, Cursor, etc.) — IDE plugins, code-generation guardrails, and data-handling rules for engineers.

Cross-Functional Partnership & Enablement

  • Be the trusted security partner for R&D, DevOps, Product, and Architecture - service-oriented, pragmatic, and a true enabler (not a blocker).
  • Lead the Security Champions program: identify, train, and empower champions inside engineering teams.
  • Deliver developer security training (secure coding, OWASP, AI security, threat modeling) - onboarding and continuous learning.
  • Drive security awareness within R&D through workshops, brown-bags, CTFs, and gamified learning.

Compliance & GRC Support

  • Support the CISO organization in maintaining and evolving SysAid's compliance posture: SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, HIPAA, and emerging frameworks (ISO 42001, NIST CSF, NIST AI RMF).
  • Provide AppSec evidence, control mappings, and audit responses to internal/external auditors.

Requirements

  • Strong, hands-on software engineering background - 5+ years building and shipping production software in a team (e.g., Java, JavaScript/TypeScript, Python, Node, React, etc.). You've designed, written, reviewed, debugged, and maintained real systems and understand engineering trade-offs and processes - not solely AI-assisted/low-code generation. This depth is what makes your security guidance credible to developers.
  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 2+ years focused on application/product security, or a clear, demonstrated transition from engineering into AppSec.
  • Experience in Secure SDLC implementation across modern CI/CD environments (GitHub/GitLab, Jenkins, ArgoCD, etc.).
  • Hands-on with SAST, DAST, SCA, and secret-scanning tools (e.g., Checkmarx, Snyk, SonarQube, Semgrep, Trivy; Burp/ZAP a plus).
  • Working knowledge of OWASP Top 10, ASVS, SAMM, CWE/SANS Top 25, and threat modeling (STRIDE/PASTA).
  • Secure API development and API security testing (REST/GraphQL).
  • Cloud security fundamentals - AWS preferred (Azure/GCP a plus): IAM, container/Kubernetes security, IaC (Terraform).
  • Practical understanding of AI/LLM security (prompt injection, model abuse, data leakage, agentic risk; OWASP LLM Top 10, MITRE ATLAS), plus hands-on experience using AI assistants (Claude, Gemini, Copilot, etc.) in engineering/security workflows and the judgment to use them safely.
  • Familiarity with software supply chain security concepts - SBOM (CycloneDX / SPDX), open-source risk management, and dependency confusion / typosquatting attack vectors.
  • Exposure to SOC 2 / ISO 27001 family / HIPAA controls and audits (a plus).
  • Excellent English - verbal and written; able to communicate clearly with global stakeholders and customers.
  • Outstanding communication and interpersonal skills; service-oriented mindset; ability to influence without authority.
  • Preferred certifications - CSSLP (secure software lifecycle) or CISSP are most relevant to this role; secure-coding certs (e.g., GIAC GSSP) a plus. Offensive certs (OSCP/OSWE/OSWA, GWAPT/GPEN, CEH) are an advantage.

Why You’ll Love Working Here

  • Impact - Lead the security of a product trusted by thousands of enterprises globally, with real influence over how SysAid's AI-powered ITSM platform is built securely.
  • Autonomy - Own the Secure SDLC from the ground up, with the freedom to shape tools, processes, and culture.
  • Growth - path to AppSec Lead with direct exposure to GRC, cloud security, and AI security across the full CISO organization.
  • Collaboration - Work as a true partner to R&D, DevOps, and Product in a fast-moving, global SaaS company at the forefront of AI-driven IT.