We are looking for a GRC Analyst.
As a GRC analyst, you will be working very closely to participate in all aspects of cyber security and compliance. The role is a crucial part in our Cyber Security team and the entire security program. We are looking for a team member with experience in compliance frameworks operating with modern systems. You will be involved in all information security processes and activities, with the different teams, make risk mitigation recommendations, and suggest and review solutions. This is a key position in the process of building the security culture in the entire organization.
The ideal candidate is highly motivated, demonstrating a can do' attitude and needs to have a combination of troubleshooting and communication skills, as well as the ability to handle a mix of multiple tasks in parallel.
This role will provide career growth opportunities as you develop/acquire new security skills in the course of your duties.
RESPONSIBILITIES:
Support local, regional, and global initiatives and activities related to governance, risk, and compliance.
Establish, maintain, and publish up-to-date security and compliance policies, standards, and guidelines, and oversee training and dissemination of policies and procedures.
Identify and track timely closure of control gaps and risk mitigation plans.
Participate in ISO 27001, SOC, and other compliance assessment, evidence collection, and reporting.
Develop and implement various Governance, Risk, and Compliance tools.
Utilize a risk-based approach for vendor management, including assessing and treating the risks.
Assist with Incident Response and Business Continuity to include running table-top exercises.
Other related duties such as Incident response process, Vulnerabilities management and more.

The Security Research team focuses on constantly improving our detection and protection coverage against ever-evolving cyber-security attack techniques and tools. The team comprises top-tier global security researchers with expertise in offensive (red teamers, penetration testers) and defensive (SOC, DFIR, malware analysts, and reversers). Each research project and detection & protection rule become a core part of our various platforms.

In this position, you will

Collaborate closely with customers to understand their security needs and identify detection gaps.
Develop, enhance, and maintain complex detection & protection mechanisms in collaboration with top-tier global security professionals.
Analyze customer-provided red team reports, identifying key attack patterns and translating them into actionable detection improvements.
Implement cyber security logic and features while ensuring alignment with customer requirements.
Conduct security research and data analysis to validate newly created security content and ensure product precision.
Stay updated on emerging threats and new attack techniques, adapting detection capabilities proactively
Analyze advanced attack techniques and malware to inform the development of future defense mechanisms.
Provide Tier 4 support for our EPP product security capabilities, offering in-depth expertise to customers.

We are looking for a Senior Security Researcher to join our team Cloud Security.
In this role, you will take part in protecting our customers' cloud environments from a wide range of cyber threats.
Your contributions will be directly impactful, not only ensuring our customers' success but also making a significant difference in the evolving landscape of cloud security.
Your Opportunity:
Research cloud threats and collaborate closely with the engineering team to transform research insights into innovative product features
Develop effective detection rules and enhance our product's capabilities for better threat detection
Launch and manage incident response operations to investigate attacks on cloud environments
Investigate malware specifically targeting cloud workloads, understanding their mechanisms and impacts, and produce high-quality reports
Present your unique findings and share knowledge at cyber and cloud conferences

we are looking for a Security Engineer with deep experience in cloud-based applications and infrastructure.
In this role, youll collaborate with our software development and DevOps teams to secure products, CI/CD infrastructure, and production infrastructure. Youll also get the opportunity to influence our product roadmap by utilizing to assess, monitor, and harden our environments.

This role encompasses multiple open positions for candidates with cloud-focused experience in areas like threat modeling and security reviews, detection engineering, incident response, and vulnerability management.


WHAT YOULL DO

Plan detection use cases and delivering detection capabilities to identify attack tactics, techniques, and procedures
Play a key role in the security incident response process
Develop, promote, and monitor the adoption of sound cloud security practices
Take ownership of vulnerability management and patching policies
Identify and help mitigating security issues, misconfigurations, and vulnerabilities related to the cloud, container, and Kubernetes infrastructure
Collaborate with engineering, DevOps, and IT teams to ensure security is at the heart of what we do
Lead threat modeling exercises around cloud-native, SaaS, and cloud-first technologies
Mentor and provide technical leadership to other members of the Security team

As a Security Analyst on the On-Prem team, you'll play a vital role in continuously enhancing the product's ability to detect and prevent cyberattacks.

Responsibilities:

Collaborate with top-tier security professionals to develop, refine, and maintain complex detection and protection mechanisms.
Implement cybersecurity logic and features by identifying and validating new security content. You'll leverage security research and data analysis to improve product precision.
Stay ahead of the curve by continuously testing On-Prem's capabilities against emerging threats and evolving attack techniques.
Provide expert Tier 4 support for the product's EPP security features.
Collaborate with On-Prem customers remotely or on-site. This includes reviewing security rules and configurations, and recommending best practices.

were looking for a Threat Detection Analyst to join our team
WHAT YOULL DO

Monitor attacks against cloud environments and malware targeting cloud workloads
Build detections and tools to protect customers from cloud threats
Collaborate closely with the R&D team to transform research insights into product features
Build procedures and playbooks to be used when emerging threats are detected
Work with customers in response to requests related to suspicious activity or potential incidents
Develop best practices and security policies based on research findings, and write external-facing materials stemming from your research

We are looking for a highly skilled Product Security Architect to join our team at Tipalti. This role is pivotal in ensuring the security of our applications from inception to production and beyond. The ideal candidate will have a solid development background that has evolved into security expertise, enabling them to work closely with development teams to implement security best practices and develop protection mechanisms.
In this role, you will be responsible for:

Collaborate closely with all Tipalti development teams to build and govern security from day one to production, following best practices.
Perform application security assessments, including architecture design reviews and threat modeling.
Provide secure software guidance and act as a business enabler to cross-functional teams, including product, engineering, etc.
Design, build, and implement best-in-class application security solutions.
Lead and promote security audits, vulnerability assessments and code reviews.
Develop software security guidance, including training material, best practices, secure coding checklists, and reusable code.
Validate ongoing compliance with policies and procedures in support of regulations.
Raise the overall security awareness for the Secure-SDLC and define training roadmaps based on needs.
Work with different entities in the company to ensure S-SDLC compliance with company rules and industry standards.
Review & manage security issues identified in products, analyze severity and risk, and provide recommendations for remediation.
Establish, manage, and lead a bug bounty program

We are looking for a Android Security Researcher II.
The Security Researcher focuses on deep research of new vulnerabilities
and exploits, including how to use this knowledge to the benefit of our customers and the security product suite.
The work includes reverse engineering, so requires a deep understanding of the target operating system, and relevant tools and techniques. Depending on the specific role, Security Researchers will be expected to deliver product detection enhancements (including code and/or rules), POCs of exploits, CVEs, and marketable research.
Security Researchers will have access to cutting-edge technology only found within the Threat Labs team.
Security Researchers analyze customer detections, informing our response and further development of our proprietary threat intelligence and security capabilities.
What you can expect to do in this role:
Perform research, including reverse engineering, into novel and zero-day vulnerabilities and exploits, using of in-house and 3rd party tooling, providing recommendations on how to protect our customers.
Perform analysis of customer detections generated by our platform to determine accuracy; recommend detection changes accordingly.
Research new ways to detect malicious activity using custom-built tooling.
Stay up to date on the latest malware trends and OS developments.
Development and maintenance of custom research tools to assist in day-to-day tasks.
Support sales and marketing by supporting the creation of marketable material and thought leadership.
Perform other duties and special projects as assigned.
Customer value focus with the ability to quickly iterate based on emerging threats and customer feedback

This role provides a unique opportunity to join a team with strategic importance to protecting our customers from emerging threats and novel attack methodologies in both cloud and Linux based environments. You will stay ahead of the curve with regards to the threat landscape and your research will directly impact the direction of the team and our product.

If you have a strong passion for security and technology, have an interest in supporting engineering projects, and want to gain real-world experience in dealing with advanced threat actors targeting cloud environments, we have a role for you!


Your contributions will enable continuous improvement of CrowdStrikes cloud detection capabilities ensuring that our customers can be secured with the most advanced security measures in place.



What You'll Do:

Develop, implement and optimize threat detection rules tailored to cloud runtime environments. Aim to detect and respond to activity as early in the killchain as possible.

Rapid response to potential malicious campaigns or extensive exploitation cloud runtime resources post vulnerabilities disclosure.

Conduct proactive threat hunting exercises to identify potential security gaps and emerging threats within cloud environments.

Track and present threat detection findings, including recommended strategies or possible product improvements.

Collaborate with cross functional teams: Work closely with various teams, including OverWatch, engineering, product management, detection engineering, and threat intelligence to drive cloud detections in the Crowdstrike falcon platform.

Stay abreast of the latest threat landscape and cloud security trends, continuously updating detection strategies to address emerging threats and vulnerabilities.

We are looking for a Software Research Engineer to join our Operational Technology Content team.
In this role, you will take part in protecting our customers' OT environments from a wide range of cyber threats.
Your contributions will be directly impactful, not only ensuring our customers' success but also making a significant difference in the evolving landscape of OT security.
Your Opportunity:
Research OT/IoT threats, malware and exploitation tools
Develop effective threat detection rules and enhance our product's capabilities for better threat detection
Research newly published vulnerabilities and security advisories in order to develop new detection plugins for our OT Security product
Research, develop and improve methods of detection for currently unsupported OT/IoT devices