Application Security Product Analyst

at Wiz · Enterprise · Tel Aviv, Israel · Product Management & Ops

This role operates an AI-driven DAST agent, innovates detection mechanisms for cloud-native technologies, and defines agent rules of engagement to simulate sophisticated attacks and classify the modern attack surface.

What you'd actually do

  1. Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
  2. Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
  3. Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the Wiz DAST engine.
  4. Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning Wiz as the market leader in vulnerability management.

Skills

Required

  • 1+ years of hands-on experience in AppSec or penetration testing
  • proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix
  • Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP)
  • Hands-on experience with Linux, Windows, Docker, Kubernetes
  • strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML)
  • Proficiency in scripting languages such as Python, Bash, or Go
  • analytical mindset
  • ability to diagnose complex logs and scans
  • Self-motivated
  • ability to work collaboratively
  • communicate high-stakes security concepts effectively across teams

Nice to have

  • Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context
  • SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures
  • A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls

What the JD emphasized

  • primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent
  • innovating detection mechanisms
  • define the "rules of engagement" for our agents
  • effectively simulate sophisticated attacks
  • accurately classify the modern attack surface
  • Develop advanced detection algorithms
  • fine-tuning the attack policies
  • identify and exploit vulnerabilities
  • Analyze cloud services, APIs, and log payloads
  • review complex attack paths
  • reducing false positives
  • ensuring compliance with industry standards
  • Research Novel Threats
  • forefront of novel attack vectors
  • emerging cloud/API threats
  • translating new techniques into executable behaviors
  • Wiz DAST engine
  • Drive Product Evolution
  • Collaborate directly with Research, Backend, and R&D teams
  • turn operational insights into feature requests
  • positioning Wiz as the market leader in vulnerability management
  • 1+ years of hands-on experience in AppSec or penetration testing
  • proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix
  • Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP)
  • Hands-on experience with Linux, Windows, Docker, Kubernetes
  • strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML)
  • Proficiency in scripting languages such as Python, Bash, or Go
  • automate security tasks
  • interact directly with the codebase
  • analytical mindset
  • ability to diagnose complex logs and scans
  • distinguish between tool failures, configuration issues, and valid security findings
  • Self-motivated
  • ability to work collaboratively
  • communicate high-stakes security concepts effectively across teams
  • Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context
  • SaaS and cloud experience
  • familiarity in AWS, Azure, or GCP environments
  • modern cloud-native architectures
  • red teaming background
  • experience in simulated adversarial attacks
  • bypassing standard WAF or security controls

Other signals

  • AI-driven DAST agent
  • innovating detection mechanisms
  • simulated attacks
  • classify modern attack surface
Read full job description

Come join the company that is reinventing cloud security and empowering businesses to thrive in the cloud. As the fastest-growing startup ever, Wiz is on a mission to help organizations secure cloud environments that will accelerate their businesses. Trusted by security teams all over the world, we have a proven track record of success and a culture that values world-class talent.

Our Wizards from over 20 countries work together to protect the infrastructure of our hundreds of customers, including over 50% of the Fortune 100, who trust us to scan and secure over 230 billion files daily. We’re the leading player in a massive and growing market, but it’s still early enough for you to make a significant impact. At Wiz, you’ll have the freedom to think creatively, dream big, and use your full range of skills to contribute to our record growth. Come join our team and help us create secure cloud environments that allow the best companies to move faster.

SUMMARY

We’re looking for a Application Security Product Analyst to join our Product team and help expand the power of Wiz. In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.

You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.

WHAT YOU’LL DO

  • Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
  • Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
  • Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the Wiz DAST engine.
  • Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning Wiz as the market leader in vulnerability management.

WHAT YOU’LL BRING

  • 1+ years of hands-on experience in AppSec or penetration testing, including proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
  • Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP).
  • Hands-on experience with Linux, Windows, Docker, Kubernetes, and a strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML).
  • Proficiency in scripting languages such as Python, Bash, or Go to automate security tasks and interact directly with the codebase.
  • An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
  • Self-motivated with the ability to work collaboratively and communicate high-stakes security concepts effectively across teams.

BONUS POINTS

  • Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
  • SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
  • A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.

Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship. This role does not offer visa sponsorship.

Wiz is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy.