דרושים » אבטחת מידע וסייבר » Application Security Engineer

Required Senior Application Security Engineer
As an Application Security Engineer, you will play a pivotal role in safeguarding our products against security threats and vulnerabilities. You will work closely with our development teams to integrate security best practices into the software development lifecycle, conduct thorough security assessments, and implement robust security measures to protect our applications and data.
Key Responsibilities:
Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC)
Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications
Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
Conduct threat modeling and architecture security review
Develop and maintain secure coding standards and guidelines for application developers
Monitor and analyze security incidents and provide timely response and resolution
Stay current with emerging threats, vulnerabilities, and industry best practices in application security
Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes
Deliver secured development training to developers.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security frameworks such as SALSA. This position reports directly to an R&D VP.

Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.
Job Id: 22784

We are looking for a highly skilled Application Security Engineer to join our team .
In this role, you will be responsible for:
Partner with all development teams to establish and govern security practices from the outset of development to production.
Conduct application security assessments, including architecture design reviews and threat modeling.
Act as a security advisor to cross-functional teams, including product, engineering, and others, to support secure software development.
Design, build, and implement advanced application security solutions.
Lead security audits, vulnerability assessments, and code reviews.
Develop and share software security guidelines, including training materials, secure coding checklists, best practices, and reusable code.
Ensure ongoing compliance with security policies and procedures in support of regulatory requirements.
Elevate security awareness across the SSDLC, defining tailored training roadmaps as needed.
Manage and review security issues in products, analyzing severity and risk, and recommending remediation steps.
Establish, manage, and lead a VDP/Bug Bounty program.

We seek a dynamic and experienced Cloud Security Engineer to join us!
This role presents an exciting opportunity to work in a fast-growing company with great opportunities to make a difference.
In this role, you will be responsible for:
Design and implement cloud security architectures and controls for multi cloud env
Maintain and manage security tools within our cloud environment, such as Firewall, WAF, CDN, API Security, Runtime Protection, CSPM, DSPM, and SSPM.
Identify and remediate vulnerabilities and misconfiguration findings in our cloud environments.
Monitor and optimize cloud architecture connectivity in the environment to comply with our compliance and policies.
Administer and control our security cloud accounts.
Lead and execute cross-organizational security projects and initiatives.
Collaborate with internal teams to enhance cloud security measures.

We're looking for a Security Engineer - Product to spread the power. The ideal candidate will have experience performing security reviews, vulnerability management, and detection and response operations in cloud-native environments. Youll get to collaborate with our software development and DevOps teams to secure our products, CI/CD infrastructure, and production infrastructure. Youll also have the opportunity to influence our product roadmap by to assess, monitor, and harden our environments.
WHAT YOULL DO
Lead threat modeling and security review exercises across our production and CI/CD environments identifying and mitigating risks in our products and the cloud services that support them
Drive vulnerability management and remediation efforts prioritizing issues, implementing mitigations, and designing strategic preventative controls
Extend our detection and response capabilities building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
Collaborate with our Federal team extending our DevSecOps and Product Security practices to our FedRAMP environment and ensure it meets key security requirements
Build deep functional partnerships with our engineering and operations teams helping them deliver secure-by-design solutions.

We're looking for a hands-on Security Operations Engineer based in Israel to strengthen our detection and response capabilities. In this role, you will be the frontline defender of our cloud infrastructure, leading incident management and response efforts while continuously improving our security posture. You will report directly to our Security leadership team and play a critical role in safeguarding our customers' most sensitive data.

What You'll Do

Lead Incident Response: Serve as primary responder to security alerts, perform initial triage, conduct thorough investigations, and coordinate remediation efforts
Enhance Detection Capabilities: Design, implement, and fine-tune detection rules and alerts across our cloud environment to identify potential security threats
Manage Security Monitoring: Maintain and optimize our SIEM/SOAR platforms to ensure comprehensive visibility into our security posture
Drive Threat Hunting: Proactively search for indicators of compromise and potential security gaps within our cloud infrastructure
Automate SecOps Workflows: Develop and implement automation to improve identification and response times for security events
Improve Cloud Security Monitoring: Develop and run tools to gather security telemetry data from cloud production systems
Conduct Investigations: Perform forensic analysis of security incidents, document findings, and communicate effectively to stakeholders
Enhance Response Protocols: Continuously refine incident response procedures and runbooks to ensure swift and effective handling of security events

As a Cyber Security Engineer in a fast-expanding operation team, you will be responsible for onboarding new global clients to the MXDR services, developing and maintaining detection scenarios and alerts, analysing the client's environment, and providing technical support and guidance to clients. To excel in this role, you will demonstrate strong technical aptitude, dedication to delivering high-quality work, and a cooperative approach to teamwork.



Main Responsibilities:

Lead the onboarding process for all new clients joining the MXDR services, working closely with the clients IT and security teams to ensure smooth implementations.
Develop detection scenarios and alerts for XDR solution (Velocity) to ensure effective threat detection and response.
Oversee Velocity KPIs and measurements set by the client, adjusting, analyzing and maintaining them according to their needs and tracking the impact of the platform on the client's networks, endpoints, applications, and cloud environments.
Continuously improve Velocity monitoring capabilities and keep up-to-date with the latest developments in the cyber threat landscape.
Provide technical support and guidance to clients on Velocity security-related issues, including implementing security best practices and ensuring compliance with industry standards.

Security is at the core of our operations, and we are seeking a Security & IT Specialist to take full ownership of cybersecurity, IT infrastructure, and data protectionensuring that our systems, data, and operations are protected both internally and externally against unauthorized access, cyber threats, and data breaches.
Key Responsibilities
Cybersecurity & data Protection (Internal & External)
Enforce strict in-house security policies to prevent unauthorized internal data access, copying, or extraction by employees or external parties. Implement DLP ( data Loss Prevention) systems to monitor and restrict data transfers, ensuring no FINQ data is leaked or misused. Secure network infrastructure, cloud environments, and endpoint devices from external cyber threats. Oversee network security, endpoint security, cloud security, IAM, and SOC tools. Regularly assess and update security protocols to stay ahead of cyber threats. Manage IAM policies, ensuring employees can only access data relevant to their role. Monitor third-party integrations, vendors, and service providers to ensure compliance with FINQs security standards.?? IT Infrastructure & Security Operations
Monitor and document availability of all systems and external service providers by direct observation, remote connection, and through alerting systems and respond immediately to security or usability concerns. Troubleshoot operational issues rapidly and analyze and resolve underlying issues to restore production systems and maintain continuity of business. Maintain and optimize FINQs IT infrastructure, ensuring all systems, networks, and databases are secure. Implement secure cloud Storage policies and encryption techniques to protect sensitive financial data. Manage user permissions, multi-factor authentication (MFA), and identity & access management (IAM) systems. Oversee backup and disaster recovery strategies to ensure business continuity.?? Security Compliance & Risk Management
Ensure compliance with financial security regulations, including SOC2, ISO 27001, GDPR, and other industry standards. Conduct security audits, vulnerability assessments, and penetration tests to identify and mitigate risks. Implement cybersecurity awareness training for employees to prevent internal security threats (e.g., phishing, insider threats). Stay updated on emerging threats and security technologies, providing recommendations for continuous improvements.?? Incident Response & Threat Mitigation
Develop and maintain incident response protocols to quickly detect, contain, and remediate cyberattacks. Investigate and respond to security breaches, data leaks, or unauthorized access attempts. Work with law enforcement and regulatory bodies when necessary to handle security incidents.

Were looking for an exceptional Senior Cloud Security Researcher to join our growing team.
We are looking for a Cloud Security Researcher who will join our mission to revolutionize cyber defense through innovative research and cutting-edge technology. As part of our research work, you'll investigate cyberattacks targeting cloud and SaaS (Software as a Service) environments, enhancing expertise and contributing directly to the evolution of our CDR (Cloud Detection and Response) platform. Youll collaborate with cross-functional teams, bridging knowledge and aligning efforts across the organization.

What You'll Do
Lead innovative research into cyber threats targeting cloud platforms, SaaS applications, Kubernetes, and emerging technologies by leveraging state-of-the-art tools and methodologies.
Develop and refine cutting-edge detection algorithms and forensic investigation techniques to uncover and mitigate sophisticated attacks in cloud and SaaS environments.
Conduct comprehensive investigations of real-world cloud security incidents, transforming insights into actionable strategies that continually evolve our threat detection capabilities.
Share your research accomplishments and innovative findings with the security community through blog posts, conference presentations, and other professional forums, enhancing our industry reputation and fostering collaborative growth.
Contribute your expertise to shape the strategic direction and ongoing development of CDR product suite, ensuring our offerings stay ahead of evolving cyber threats.
Work closely with cross-functional teams to identify novel techniques and implement robust defenses, uniting diverse expertise to secure cloud and SaaS infrastructures.

Required Security Production Engineer
Job Description
As a Security Infra Engineer, youll design, build, and manage security aspects of our cloud-based and physical environments to ensure compliance and integrity. In your day-to-day, you will:
Design, implement, and maintain platforms for investigating and analyzing security incidents, performing root cause analysis, and coordinating remediation efforts
Design, implement, and maintain security tools and controls for cloud-based infrastructure, Kubernetes clusters, and services, ensuring compliance with industry standards
Build tools and scripts using Golang, Python, or Node.js
Collaborate with all infrastructure groups (cloud, networking, DB, DevEx, etc.) and the Chief Information Security Officer group (for example, for incident response)
Align with other infrastructure standards, including efficiency, reliability, and cost
Work closely with cross-functional teams to design, implement, maintain, and manage security solutions that ensure the integrity and confidentiality of our systems.