דרושים » אבטחת מידע וסייבר » Security Architect (InfoSec)

We are looking for an exceptional Senior Security Engineer to join our growing team. For the first 6 months you will:
Bolster and develop our defensive security capabilities, identifying advanced threats to us, developing and implementing countermeasures
Responding to incidents and conducting investigations as events happen through analyzing logs and various other sources (ex: AWS Guardduty, SecurityHub, Detective, etc.)
Engineer and automate custom detection and response capabilities to combat malicious and/or unwanted behaviors within the environment
Stay up to date with Tactics, Techniques, and Procedures (TTPs) that may apply to us and define and implement mitigation techniques to improve our overall risk posture
You will be part of a new product security team responsible for building, supporting, enhancing and improving our security frameworks, tools, processes and methodologies used across our SDLC and Runtime environments.
In this role, you will also be responsible to:
Conduct in-depth vulnerability assessments and security auditing of assets
Develop and improve processes for incident detection and the execution of countermeasures
Contribute to the creation and upkeep of run books to handle security incidents
Administer security configuration for threat management platforms for large-scale environments, including security orchestration, automation, and response (SOAR) and security information and event management (SIEM) tools
Contribute and showcase as a SOAR platform used within our Security Operations
Provide guidance on security architecture for threat detection and response systems used as a part of the overall security operations
Consult with our security compliance team during security audits to demonstrate our technical security capabilities
Collaborate with Product Management and Development team members to enhance our Security program
Take part in the Security Operations on-call rotation, including leading all incident response efforts and documentation during your rotation

We are looking for a motivated, energetic and experienced Information Security Manager (ISM) to be part of our information security journey and take the lead in the security GRC and awareness domains. Take ownership of your domain and oversee information security through the development of policies, training initiatives, establishment of vendor security assurance, advancement of company awareness, and the development of security and privacy compliance certificates and audits.

As a key role within the Information Security team, the ISM position requires a working knowledge of information security systems and technologies. The ISM will proactively work with all teams and departments to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of security-related risk management activities.

The ISM will serve within the Governance, Risk, and Compliance (GRC) team as the process owners of GRC activities related to the availability, integrity and confidentiality of customers, business partners/vendors, employees, and business information in compliance with the organization's information security policies. The ISM must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
What you will be doing:
Manage Forters GRC program, ensuring compliance with SOC2, ISO 27001/27701 and PCI-DSS, while enhancing process efficiency through the implementation of automation.
Review, update, and create policies and procedures to ensure alignment with customer requirements, certifications, and regulations.
Respond to security questions and questionnaires from company prospects and customers, providing support for company operations.
Conduct routine internal security reviews.
Manage information security risk activities, including conducting annual risk assessments, performing root cause analysis, and overseeing remediation activities.
Lead the vendor security program - Assess the security and compliance of vendors.
Responsible for the security awareness program, conducting training sessions, quizzes, and drills.
Continuously enhance the security standard of solutions by developing / implementing open-source / third-party tools to assist in detection, prevention and analysis of security threats, manage internal and external pen testing and test security products and evaluate them.
Provide technical answers and assist sales teams with RFPs / RFIs / RFQs and sales efforts.

Required Cyber Security Architect
Position Summary:
Are you passionate about protecting digital assets and ensuring the integrity, confidentiality, and availability of sensitive data and services?
As a Security Architect, you'll have a pivotal role in fortifying our organization against cyber threats and vulnerabilities and protecting our most valuable assets. You'll lead the charge in designing and implementing innovative security solutions, frameworks, and strategies to safeguard our systems and infrastructure.
Key Responsibilities:
Security Strategy and Planning:
Define and refine our security strategy, policies, and procedures to stay ahead of emerging threats.
Collaborate closely with leadership to align security initiatives with our business objectives, ensuring security is an enabler, not a barrier.
Security Architecture:
Design and implement a cutting-edge security architecture that sets the standard for excellence.
Ensure our security architecture complies with industry standards and regulatory requirements, leveraging the latest technologies and methodologies.
Security Risk Reduction:
Identify, assess, and prioritize security risks, threats, and vulnerabilities, taking proactive measures to mitigate potential impacts.
Implement robust controls to safeguard our organization's assets and reputation.
Security Tools and Automation:
Evaluate, select, and implement state-of-the-art security technologies and tools to enhance our defense capabilities.
Develop and deploy automation-based workflows to streamline security operations and maximize efficiency.
Security Assurance:
Oversee the implementation of security technologies and controls to ensure they deliver maximum value and effectiveness.
Continuously monitor and refine security measures to adapt to evolving threats and maintain the highest level of protection.

we are looking for a Security Engineer with deep experience in cloud-based applications and infrastructure.
In this role, youll collaborate with our software development and DevOps teams to secure products, CI/CD infrastructure, and production infrastructure. Youll also get the opportunity to influence our product roadmap by utilizing to assess, monitor, and harden our environments.

This role encompasses multiple open positions for candidates with cloud-focused experience in areas like threat modeling and security reviews, detection engineering, incident response, and vulnerability management.


WHAT YOULL DO

Plan detection use cases and delivering detection capabilities to identify attack tactics, techniques, and procedures
Play a key role in the security incident response process
Develop, promote, and monitor the adoption of sound cloud security practices
Take ownership of vulnerability management and patching policies
Identify and help mitigating security issues, misconfigurations, and vulnerabilities related to the cloud, container, and Kubernetes infrastructure
Collaborate with engineering, DevOps, and IT teams to ensure security is at the heart of what we do
Lead threat modeling exercises around cloud-native, SaaS, and cloud-first technologies
Mentor and provide technical leadership to other members of the Security team

we are looking for a Cyber Security Consultant to perform a range of expert level services. The successful candidates should have experience both as a security practitioner and security consultant, profound technological cyber knowledge and passion for cyber security. In addition, they should have a service approach, excellent communication skills and the ability to learn and work with the best in the field.

Main Responsibilities:

Evaluate the state of security, configurations, and security strategy, identifying gaps and opportunities and anticipating needs
Consult in cyber security engagements, including development of a cyber security plans and design implementation, and provide guidance on building security
Recommend cyber security strategies, policies, and procedures
Develop and support clients with internal training to assure deep understanding of fundamental cyber security practices, risks, and recommended mitigation tactics
Create expert-level deliverables, and present results of the assessment to a broad range of clients and design plans to address specific cyber risks and vulnerabilities
Collaborate with the cyber experts team in the development and implementation of cyber assessment tools, services, and best practices

As a Cyber Security Engineer in a fast-expanding operation team, you will be responsible for onboarding new global clients to the MXDR services, developing and maintaining detection scenarios and alerts, analysing the client's environment, and providing technical support and guidance to clients. To excel in this role, you will demonstrate strong technical aptitude, dedication to delivering high-quality work, and a cooperative approach to teamwork.



Main Responsibilities:

Lead the onboarding process for all new clients joining the MXDR services, working closely with the clients IT and security teams to ensure smooth implementations.
Develop detection scenarios and alerts for XDR solution (Velocity) to ensure effective threat detection and response.
Oversee Velocity KPIs and measurements set by the client, adjusting, analyzing and maintaining them according to their needs and tracking the impact of the platform on the client's networks, endpoints, applications, and cloud environments.
Continuously improve Velocity monitoring capabilities and keep up-to-date with the latest developments in the cyber threat landscape.
Provide technical support and guidance to clients on Velocity security-related issues, including implementing security best practices and ensuring compliance with industry standards.

XM Cyber is the leader in hybrid-cloud security posture management, using the attacker’s perspective to find and remediate critical attack paths across on-premises and multi-cloud networks. We are seeking a highly skilled System Architect to join our team. The System Architect will be responsible for designing the system architecture for our SaaS solution, ensuring it meets the highest standards of security and performance. This role will require a deep understanding of modern cloud architecture and big-data tools, as well as experience in architecting complex systems in a SaaS environment.
* Designing the system architecture for our SaaS solution, considering factors such as scalability, reliability, and security
* Leading the design and implementation of product security measures to ensure the confidentiality, integrity, and availability of customer data
* Collaborating with cross-functional teams to ensure alignment with business requirements and technical goals
* Conducting regular assessments of the system architecture to identify potential risks and areas for improvement
* Providing technical leadership and guidance to the development team in implementing architectural best practices
* Keeping up to date with the latest trends and technologies to inform architectural decisions and bringing innovative solutions

Required Application Security Architect
Job Description:
Research, identify, evaluate and implement the best solutions for security in our production environment
Research, identify, evaluate and implement the best solutions for the platform code and services used by our developers
Work closely with development and system teams on all SDLC levels, performing security design reviews, threat modeling and penetration tests, while acting as a security mentor for developers
Investigate abnormal activity in production
Build creative tools and services to detect and solve cross-security issues.

As a Security Analyst you will be responsible for:

Planning building and automating security workflows using automation tools.
Integrating data sources, creating alerts, and investigating.
Developing detailed documentation for IR playbooks and executing them.
Manage and coordinate cyber incidents.
Conduct in-depth analysis of security events and incidents to identify the root cause and scope.
Operate and maintain the SIEM system including fine tuning to optimize detection and response capabilities.
On-demand threat-hunting activities on cloud environments and SaaS applications.
Research new attack vectors, including identification, and related mitigations across the enterprise IT landscape.
Be a knowledge source for new and emerging threats, incident response processes, and threat-hunting activities.
Evaluate & recommend new security technologies and help shape the product with your insights and expertise.

we are looking for highly capable Incident Response Expert. The Incident Response Expert role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the clients IT and security teams.

Main Responsibilities

Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.

Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.

Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.

Utilize and develop tools and methodologies to improve existing investigative and hunting technological stack.

Collaborate with IT and Security teams during investigations.

Generate and present a comprehensive and professional report of findings from investigations.