דרושים » הנדסה » Product Security Engineer

We are looking for a Senior Application Security Engineer.
As an Application Security Engineer , you will play a pivotal role in safeguarding our products against security threats and vulnerabilities. You will work closely with our development teams to integrate security best practices into the software development lifecycle, conduct thorough security assessments, and implement robust security measures to protect our applications and data.
Key Responsibilities:
Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC)
Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications
Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
Conduct threat modeling and architecture security review
Develop and maintain secure coding standards and guidelines for application developers
Monitor and analyze security incidents and provide timely response and resolution
Stay current with emerging threats, vulnerabilities, and industry best practices in application security
Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes
Deliver secured development training to developers

As an Application Security Engineer at Via, you will be a key member of the team, responsible for ensuring the security of Via's applications throughout the software development lifecycle. You will work closely with development, operations, and product teams to identify and mitigate vulnerabilities, promote secure coding practices, and build a robust application security program.

What Youll Do:
Perform security assessments, including penetration testing, vulnerability scanning, and code reviews, to identify security weaknesses in applications.
Collaborate with development teams to remediate identified vulnerabilities and implement secure coding practices.
Develop and deliver security training to development teams on secure coding techniques and common vulnerabilities.
Define and implement application security testing strategies, including static analysis, dynamic analysis, and software composition analysis.
Integrate security testing tools and processes into the CI/CD pipeline.
Contribute to the development and maintenance of application security policies, standards, and procedures.
Research and evaluate new application security tools and technologies.
Monitor application security metrics and provide regular reports on the security posture of applications.
Participate in incident response activities related to application security.
Champion a security-first culture within the engineering organization.

Prisma-Photonics is a rapidly growing startup company, developing the next-generation smart-infrastructure solution based on novel fiber-sensing technology (smart roads, smart cities, perimeters, and grid monitoring, etc.). The company offers an award-winning disruptive solution; a “sensor free” approach to smart infrastructure. The company is VC backed and in the revenues stage.
Combining pioneering technology in optical fiber sensing with state-of-the-art machine learning, we help prevent environmental disasters, protect human lives, and keep critical energy and transportation backbones running smoothly.
We are seeking a talented, self-driven and passionate Senior Infrastructure Engineer to build and maintain the cloud infrastructure for our highly available SaaS application as well as our machine learning and data engineering stack. As a Senior Infrastructure Engineer, you will be responsible for designing, implementing, and maintaining the cloud infrastructure and DevOps processes that power our products and internal tooling. You will work closely with all data and development teams and lead the company’s security and compliance vectors. You will ensure a highly reliable, scalable, and secure infrastructure that supports our rapid growth and product innovation, while maintaining observability and cost-effectiveness of our cloud resources and data.

Hiring Manager:
Oded Messer

What You’ll Do:

* Cloud Infrastructure Management: Architect, deploy, and manage our cloud infrastructure (AWS), ensuring high availability, scalability, and security.
* Software Engineering: Be a top notch SW engineer, harnessing your coding and architectural skills, as well as researching skills, for our infra stack.
* Infrastructure as Code (IaC): Define and maintain infrastructure using tools like Terraform, CloudFormation, or Pulumi to manage resources efficiently and reproducibly.
* Monitoring & Incident Management: Build and manage monitoring and alerting systems to ensure uptime, and respond to incidents with root cause analysis and remediation.
* DevOps & Automation: Implement and maintain CI/CD pipelines to streamline development workflows and automate deployment processes across development, staging, and production environments, and across different parts of our solution. While our development teams are expected to write and maintain their own CI, you will act as a supervisor and professional authority, and maintain cross team and complex automation.
* Collaboration and technical leadership: Partner with software engineers, data engineers, and machine learning teams to support their infrastructure needs and guide the evolution of our infrastructure team.
* Cost Optimization: Monitor cloud spend and optimize resources to ensure cost-effective infrastructure without sacrificing performance or security.
* Security & Compliance: Implement security best practices, including access control, network security, monitoring and ensuring the infrastructure is compliant with relevant industry standards (e.g., SOC2, GDPR).


What You Bring::

* 5+ years of hands-on experience in cloud infrastructure, DevOps and platform engineering in production environments.
* Expertise in managing cloud infrastructure on at least one of the major providers: AWS, GCP, Azure. Proficient in Infrastructure as Code tools such as Terraform, CloudFormation, or Pulumi.
* Solid experience with Docker and Kubernetes.
* Monitoring & Logging: Hands-on experience with monitoring tools (Prometheus, Grafana) and logging systems (ELK, Splunk, or equivalent).
* Proficient Software engineering, architecture, as well as scripting languages such as Python, Bash, or Go. Full control of version control systems such as Git.
* Strong experience with CI/CD pipelines and automation using Jenkins, CircleCI, GitHub Actions, GitLab CI, or similar.
* Strong understanding of cloud networking, VPNs, VPCs, DNS, and fi

We're looking for a Security Engineer - Product to spread the power.
The ideal candidate will have experience performing security reviews, vulnerability management, and detection and response operations in cloud-native environments. Youll get to collaborate with our software development and DevOps teams to secure our products, CI/CD infrastructure, and production infrastructure. Youll also have the opportunity to influence our product roadmap by utilizing to assess, monitor, and harden our environments.
WHAT YOULL DO
Lead threat modeling and security review exercises across our production and CI/CD environments identifying and mitigating risks in our products and the cloud services that support them
Drive vulnerability management and remediation efforts prioritizing issues, implementing mitigations, and designing strategic preventative controls
Extend our detection and response capabilities building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
Collaborate with our Federal team extending our DevSecOps and Product Security practices to our FedRAMP environment and ensure it meets key security requirements
Build deep functional partnerships with our engineering and operations teams helping them deliver secure-by-design solutions

We are disrupting the Cyber Security industry! We are looking for a Product Security Engineer to join our Product Security team. Youll work with all product engineering teams to provide assistance and guidance on how to secure our products. If you are a fast learner and passionate about Cyber Security, this is a great opportunity for you.
Your Impact:
Application Security Tooling
Build risk driven intelligent automation to optimize Security findings and remediations
Work with security engineers and product development teams to fine-tune tools to provide accurate and actionable results
Collaborate with Product Engineering teams on security tool integration.
Security Services Development
Take part in developing security services that provide product engineering teams with easily consumable, top notch security implementations.
Contribute to designing modular application sub-architectures that enable product teams to easily adopt integrated security capabilities.
Consulting & Support:
Evangelize and lead the adoption of Secure SDLC and security best practices across the entire SDLC. Youre someone that possesses strong knowledge of security from code to cloud and wants to help people apply it.
Quantify risk and clearly articulate security trade-offs that balance robust protection with business continuity.
Implement programs to automate complex data analysis for high priority security missions.
Build tools/reports to support urgent requests.

At our company, were reinventing DevOps to help the worlds greatest companies innovate and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit, and just all-around great people. If youre willing to do more, your career can take off. And since software is central to everyones lives, youll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust our company to manage, accelerate, and secure their software delivery from code to production a concept we call liquid software. Wouldn't it be amazing if you could join us on our journey?
As an Offensive Security Team Lead, you will spearhead our companys offensive security operations and lead advanced threat research initiatives, playing a pivotal role in safeguarding our organization and customers from evolving cyber threats. You will develop and execute Red Team exercises, simulate real-world attacks, and identify security weaknesses in our companys systems and applications. We seek a highly skilled, proactive tech leader who thrives in challenging environments and is passionate about advancing security research and offensive strategies.
As an Offensive Security Team Lead at our company you will
Lead, plan, design, and execute Red Team operations, threat modeling, and adversarial simulations against our companys infrastructure and cloud environments
Drive threat research and intelligence initiatives to stay ahead of emerging cyber threats, attack techniques, and vulnerabilities
Develop and execute advanced attack scenarios to assess security defenses and provide actionable recommendations for improving our companys security posture
Collaborate closely with security engineering, DevOps, and software development teams to implement findings and enhance our defenses
Lead the development of tooling, frameworks, and methodologies to automate and optimize Red Team exercises
Mentor and guide a team of security professionals, fostering a culture of innovation, collaboration, and continuous learning
Participate in incident response when Red Team exercises reveal vulnerabilities, providing expertise on attack techniques, forensics, and post-attack mitigation
Continuously assess and improve security processes, playbooks, and threat detection mechanisms.

We are looking for highly capable Incident Response Expert. The Incident Response Expert role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the clients IT and security teams.

Main Responsibilities:
Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.
Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.
Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.
Utilize and develop tools and methodologies to improve our existing investigative and hunting technological stack.
Collaborate with IT and Security teams during investigations.
Generate and present a comprehensive and professional report of findings from investigations.

we are a leader in cloud-native networking software for hyperscalers and service providers who are building the largest infrastructures in the world for network services, AI platforms and SaaS offerings. Founded in December 2015, our company disrupted some of the most challenging high-scale markets, transforming the way Networks are built, scaled, and consumed. We also built the largest network in the world, with more than half of AT&Ts backbone running on our Network Cloud. we have raised $587 million in three funding rounds which enable us to dream big and bring on the most talented people.
The Role:
As the Director of Information Security and GRC, you will oversee all aspects of our company's information security program, ensuring the protection of our data, systems, employees, and applications. You will lead a team of talented security professionals, driving a proactive, responsive and comprehensive security posture aligned with industry best practices and regulations.
Responsibilities:
Be kind.
Will be leading a team of 3-4 security operations specialists and engineers.
Embody the organizations values and act as a values champion, holding both yourself and others accountable to them.
Develop and implement a comprehensive information security strategy aligned with business objectives and risk tolerance.
Lead the Security team, fostering a culture of transparency, continuous improvement and collaboration.
Lead the development and implementation of IT governance frameworks and policies.
Oversee the implementation and maintenance of security controls, including firewalls, intrusion detection/prevention systems, and endpoint security solutions.
Manage product security, vulnerability management, and incident response processes.
Design and implement a robust Governance, Risk, and Compliance (GRC) program, ensuring companywide adherence to relevant regulations and standards.
Conduct regular security assessments and risk analyses to identify and mitigate potential vulnerabilities, partnering with business units and stakeholders across the organization.
Ensure that the organization is prepared for internal and external IT audits; and manage the audit process.
Coordinate with external agencies, auditors, customers and stakeholders for compliance assessments and audits.
Assist in the selection, implementation, and maintenance of security technologies, tools, vendors, and processes to ensure adherence to the organization's security policies and goals.
Work with DevOps and the development staff to improve the security posture and to implement secure SDLC practices.
Stay up to date on the latest security threats, trends, and technologies, ensuring that our company adopts appropriate countermeasures.
Develop and deliver security awareness training programs for employees.
Manage the security budget and resources effectively.
Report to the Chief Operating Officer (COO) on the organization's overall security posture.
Curate the organizations risk register and report regularly on burndown.

Were looking for a Security Operations Engineer to lead our monitoring and detection efforts across our global FinTech environment. Youll be responsible for implementing and operating a robust SIEM solution, managing alerting pipelines, and ensuring security visibility across our SaaS platforms, cloud environments (AWS,GCP), and one physical on-prem location. This role is mission-critical to maintain our compliance, protect our customer data, and support our global operations.
Responsibilities:
Lead the implementation and ongoing operations of the company-wide SIEM solution
Build and tune detection rules, alerts, and incident workflows
Monitor cloud (AWS, GCP) and SaaS environments for anomalies and threats
Integrate logs from production systems, cloud platforms, SaaS tools, and on-prem infrastructure
Respond to security incidents and perform forensic investigations
Partner with Engineering, IT, and GRC to ensure logging and alerting coverage
Continuously improve our detection capabilities and response processes
Ensure monitoring meets compliance frameworks (SOC2, PCI-DSS, etc.)