Playtika is looking for a Application Security Engineer to join us!

• Build penetration-testing plans and execute white/grey-box penetration tests on Playtika’s products, internal-developed corporate applications, and 3rd-party software – either personally or by using external contractors/bug-bounty program.
• Triage and validate new findings from various sources (automated tools, PT, bug-bounty program), as well as provide remediation guidelines and short/medium/long term remediation plans when needed.
• Conduct comprehensive security analysis (applicative, infrastructure, network) of Playtika’s systems, and tie it with the business needs – to understand existing gaps and risks.
• Review applications’ source code for potential security issues.
• Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
• Develop and maintain internal AppSec tools for the team.
• Perform ad-hoc fraud investigations.
• Perform basic secure design reviews and threat modeling.
• Actively promote improving the security culture and education within the organization while working closely with architects, developers, DevOps, and IT.

• 3+ years of experience in pen-testing web and mobile applications.
• Experience in performing code reviews in different languages – mostly Java, .NET, and NodeJS.
• Experience in writing scripts and automated tools in at least one of the following languages - Python, Bash, Ruby and Go.
• Deep understanding of industry trends of web/mobile application security threats, exploits, and prevention.
• Experience with security tools (e.g. DAST, SAST…)
• Experience in working with containerized environments (Docker, K8S).
• Ability to work in a self-directed environment that is highly collaborative and cross-functional.
• Experience in web/mobile application development – an advantage.
• Experience securing infrastructure in a public cloud (e.g. AWS, Azure, Google Cloud) – an advantage.
• Experience in threat modeling, SSDLC in agile development, DevSecOps methodologies, tools, and technologies (e.g., CI/CD), and working with R&D – an advantage.
• Experience in networking concepts (firewalls, load balancers, etc) – an advantage.