דרושים » אבטחת מידע וסייבר » Security Risk Engineer

Were looking for a GRC Specialist to join our Cyber Security Department and lead cybersecurity Governance, Risk, and Compliance efforts for a growing, disruptive fintech operating in a regulated environment.
This role is ideal for someone who thrives on detail and complexity, enjoys working deeply with regulations and frameworks, and can translate dense requirements into clear, actionable controls.
What youll do
Own, implement, and continuously improve GRC frameworks, policies, and processes
Track and enforce execution of policies across, including documentation and evidence collection
Manage cybersecurity risk assessments and translate findings into business-relevant insights
Drive compliance with ISO 27001, PCI DSS, GDPR, DORA, EU AI Act, and any related European and Israeli privacy and banking regulations
Lead audits, third-party risk assessments, and customer/partner security due diligence
Manage and enhance the GRC platform and related workflows.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization.
In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

We are seeking a Security Operations Engineer to join our Security team, reporting to the CIO. This is a hands-on role where you will design and operate security infrastructure, lead cloud security initiatives, and rethink our security architecture. You'll build AI-powered solutions to automate security triage and response, while partnering cross-functionally with DevOps, IT, and Engineering teams to drive security outcomes across the organization.
What you will do :
Design, implement, and operate security monitoring capabilities using a SIEM platform to detect, analyze, and respond to threats in real time. Deploy and manage EDR, DLP, CSPM, and other security controls across the environment.
Build and maintain cloud security architectures, ensuring strong IAM, network segmentation, encryption, and a zero-trust approach across all cloud deployments.
Continuously evaluate and evolve the security architecture and defense in depth strategy. Integrate tools and systems across the stack to enable unified telemetry, seamless data flow, and automated response actions.
Develop AI powered agentic solutions and operational automations using n8n. Use Infrastructure as Code to automate deployment, configuration management, and ongoing lifecycle operations for security infrastructure.
Create and tune detection rules, build log ingestion pipelines, and conduct proactive threat hunting. Lead monitoring, investigation, and remediation efforts using structured DFIR methodologies.
Embed security into CI/CD pipelines and broader DevSecOps workflows. Partner with DevOps, IT, and Engineering teams to integrate security into day to day operations and technical decision making.
Implement and maintain controls aligned with HIPAA, HITRUST, and SOC 2 requirements. Perform security assessments for vendors, SaaS platforms, and internal applications.

We are looking for an experienced Security Engineer to join our security operations team with a strong focus on detection and response.

This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.



What You Will Do:

Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.

Build and maintain an effective and scalable security monitoring infrastructure solution.

Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.

Triage alerts and drive security incidents to closure while reducing their potential impact .

Build processes and workflows to triage security alerts and respond to real incidents.

Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.

Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.

Contribute to strategy, risk management, and prioritization for all efforts around detection and response.

Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.

Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.

We are looking for an experienced Security Architect to lead the design and implementation of advanced security solutions across our infrastructure, products, and cloud environments. In this role, you will work closely with engineering, DevOps, product, and SOC teams to ensure end-to-end protection, threat resilience, and security-by-design architecture.

Your Chain of Impact:

Design and implement scalable, secure architectures across cloud, application, and data environments
Lead security reviews, threat modeling, and risk assessments for new and existing systems.
Collaborate with R&D and DevOps to embed security best practices into development and deployment processes.
Define and maintain security standards, policies, and frameworks (Zero Trust, IAM, network controls, data protection, etc.)
Oversee integration of security controls, monitoring systems, and automated detection capabilities.
Partner with SOC teams to enhance detection, response, and incident management workflows.
Evaluate new security tools and technologies; lead POCs and drive strategic decisions.
Provide security guidance during architecture planning, code reviews, and product design.

We are seeking a customer-focused Security Analyst to join our managed services team. As a Customer-Facing Security Analyst, you will play a critical role in delivering top-notch exposure remediation services to our clients. You will work closely with customers to assess, analyze, and mitigate exposures in their IT and cloud infrastructure, while providing expert guidance and maintaining strong client relationships.

Responsibilities:

Own and manage the primary technical relationship for a portfolio of enterprise customers, establishing yourself as their trusted security advisor and focusing on strategic security outcomes.
Deliver continuous security posture assessments by leveraging the XM Cyber platform to translate complex technical findings into actionable, risk-based insights for customers.
Master the platform to drive maximum value for customers, guiding them on configuration, best practices, and new features to ensure successful adoption and ROI.
Drive remediation outcomes by acting as the liaison between customers and their internal teams (e.g., IT Operations, DevOps, Cloud Security), helping them prioritize efforts based on attack path analysis.
Proactively track and report on progress, delivering regular status updates and executive-level business reviews (QBRs) that demonstrate risk reduction and program success.
Act as a trusted advisor on exposure and attack path management, translating industry trends into proactive, tailored recommendations that enhance your customers' security posture.
Partner with the broader account team, including Customer Success Managers and Support Engineers, to ensure a seamless customer experience. Act as the lead technical escalation point to resolve complex challenges and champion customer needs with internal teams like Product and R&D.

We're looking for a Corporate Systems Administrator to own Port's internal IT systems, identity lifecycle, and governance processes as we scale globally and progress toward FedRAMP authorization.

Port is expanding rapidly into enterprise and federal markets, and we're managing an increasingly complex and sensitive SaaS and infrastructure environment. We need a leader who can build scalable processes, strengthen our security and compliance posture, and ensure our internal systems evolve to support fast, high-quality growth.

In this role, you'll partner closely with Security, GRC, Engineering, and Finance to implement best-practice controls, automate lifecycle workflows, and drive operational excellence across the company.



Who you'll work with

You'll report to the Head of IT and work closely with the CIO, Security team, GRC Program Manager, and Engineering/DevOps teams. You'll partner with business system owners across all departments to ensure governance standards are met. You'll also work with Finance on procurement and vendor management.



What you'll do
Own the IT systems & employee lifecycles - manage identity lifecycle, MDM, endpoint security, and SaaS access management across the company.
Implement and maintain GRC-related IT controls, including SSO, encryption, device posture enforcement, and centralized logging.
Collaborate with Security and GRC teams to ensure compliance with access, backup, and configuration standards.
Lead internal IT audits and manage evidence collection efforts for FedRAMP, SOC 2, and other compliance initiatives.
Partner with business system owners to uphold governance best practices and ensure systems align with security and compliance requirements.
Maintain and evolve the SaaS catalog, ensuring continuous review of ownership, access controls, and lifecycle management.
Drive the SSO roadmap, integrating the majority of our SaaS applications into a unified identity platform.
Represent IT in the SaaS procurement process to ensure tools meet governance, security, and integration standards.
Develop and scale IT governance processes, automating workflows such as new system onboarding and access provisioning.
Continuously strengthen our enterprise IT governance and security posture as the company grows.

We're looking for a GRC Program Manager to drive FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.

FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
What you'll do

Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
Build and maintain the compliance evidence repository and continuous monitoring program.
Manage cross-team milestones, track control implementation progress, and identify blockers.
Develop repeatable processes and frameworks to sustain compliance post-authorization.
Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
Lead internal readiness assessments and gap analyses.

Were looking for a Staff Application Security Engineer to join our IT and Security team. This role is ideal for a hands-on security professional who is passionate about working closely with engineering teams to design secure software, fix vulnerabilities, and promote a culture of security across the organization.
Youll be responsible for shaping and owning our Secure Software Development Lifecycle (SSDLC), managing security tooling, and leading the assessment of application and API security across our products and services.
Here are a few of the things you will do:
Collaborate directly with engineering teams to define remediation strategies, track implementation, and validate security fixes across the application stack.
Design, implement, and drive SSDLC practices across the company-from security design reviews and threat modeling to proactive triaging in production.
Conduct threat modeling, architecture reviews, and security assessments of cloud-based applications and services, including those leveraging emerging technologies.
Manage our bug bounty program, validating reports and coordinating response and resolution.
Own and operate our suite of AppSec tools including SAST, ASPM, and other security scanners-triaging findings, prioritizing issues, and guiding engineering toward resolution.
Review source code and applications to identify vulnerabilities and collaborate with dev teams on remediation.
Act as the point of contact for findings from penetration tests, automated scanners, and external assessments, helping manage triage and ensure timely fixes.
Continuously research and stay current with application security trends, frameworks, vulnerabilities, and best practices.
Promote a strong security culture across by educating and enabling engineers, architects, and DevOps teams to build secure software from the ground up.

We are looking for an Application Security Engineer to join our Security Engineering team.

What you will be doing:

As an Application Security Engineer , you will play a critical role in ensuring our software applications are secure by design and resilient against evolving threats. You will collaborate closely with development, DevOps, and product teams to embed security throughout the SSDLC and drive secure coding practices.

Conduct security assessments, penetration tests, and code reviews across web, mobile, and cloud applications.

Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using platforms like Azure DevOps, GitHub Actions.

Design and enforce secure coding standards and SSDLC policies.

Collaborate with developers to remediate vulnerabilities and provide inline guidance during PR reviews.

Lead threat modeling and architecture reviews for new features and services.

Manage secrets, access controls, and data confidentiality assurance across applications.

Monitor public exposure of cloud resources and enforce Azure policies to prevent misconfigurations.

Participate in incident response and forensic analysis for application-related security events.

Deliver security awareness training and documentation for engineering teams.

Maintain up-to-date knowledge of OWASP Top 10, secure coding techniques, and emerging threats.