דרושים » אבטחת מידע וסייבר » Security Risk Engineer

Were looking for a GRC Specialist to join our Cyber Security Department and lead cybersecurity Governance, Risk, and Compliance efforts for a growing, disruptive fintech operating in a regulated environment.
This role is ideal for someone who thrives on detail and complexity, enjoys working deeply with regulations and frameworks, and can translate dense requirements into clear, actionable controls.
What youll do
Own, implement, and continuously improve GRC frameworks, policies, and processes
Track and enforce execution of policies across, including documentation and evidence collection
Manage cybersecurity risk assessments and translate findings into business-relevant insights
Drive compliance with ISO 27001, PCI DSS, GDPR, DORA, EU AI Act, and any related European and Israeli privacy and banking regulations
Lead audits, third-party risk assessments, and customer/partner security due diligence
Manage and enhance the GRC platform and related workflows.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization.
In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

We are seeking a Security Operations Engineer to join our Security team, reporting to the CIO. This is a hands-on role where you will design and operate security infrastructure, lead cloud security initiatives, and rethink our security architecture. You'll build AI-powered solutions to automate security triage and response, while partnering cross-functionally with DevOps, IT, and Engineering teams to drive security outcomes across the organization.
What you will do :
Design, implement, and operate security monitoring capabilities using a SIEM platform to detect, analyze, and respond to threats in real time. Deploy and manage EDR, DLP, CSPM, and other security controls across the environment.
Build and maintain cloud security architectures, ensuring strong IAM, network segmentation, encryption, and a zero-trust approach across all cloud deployments.
Continuously evaluate and evolve the security architecture and defense in depth strategy. Integrate tools and systems across the stack to enable unified telemetry, seamless data flow, and automated response actions.
Develop AI powered agentic solutions and operational automations using n8n. Use Infrastructure as Code to automate deployment, configuration management, and ongoing lifecycle operations for security infrastructure.
Create and tune detection rules, build log ingestion pipelines, and conduct proactive threat hunting. Lead monitoring, investigation, and remediation efforts using structured DFIR methodologies.
Embed security into CI/CD pipelines and broader DevSecOps workflows. Partner with DevOps, IT, and Engineering teams to integrate security into day to day operations and technical decision making.
Implement and maintain controls aligned with HIPAA, HITRUST, and SOC 2 requirements. Perform security assessments for vendors, SaaS platforms, and internal applications.

We are looking for an experienced Security Engineer to join our security operations team with a strong focus on detection and response.

This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.



What You Will Do:

Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.

Build and maintain an effective and scalable security monitoring infrastructure solution.

Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.

Triage alerts and drive security incidents to closure while reducing their potential impact .

Build processes and workflows to triage security alerts and respond to real incidents.

Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.

Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.

Contribute to strategy, risk management, and prioritization for all efforts around detection and response.

Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.

Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.

We are looking for an experienced Security Architect to lead the design and implementation of advanced security solutions across our infrastructure, products, and cloud environments. In this role, you will work closely with engineering, DevOps, product, and SOC teams to ensure end-to-end protection, threat resilience, and security-by-design architecture.

Your Chain of Impact:

Design and implement scalable, secure architectures across cloud, application, and data environments
Lead security reviews, threat modeling, and risk assessments for new and existing systems.
Collaborate with R&D and DevOps to embed security best practices into development and deployment processes.
Define and maintain security standards, policies, and frameworks (Zero Trust, IAM, network controls, data protection, etc.)
Oversee integration of security controls, monitoring systems, and automated detection capabilities.
Partner with SOC teams to enhance detection, response, and incident management workflows.
Evaluate new security tools and technologies; lead POCs and drive strategic decisions.
Provide security guidance during architecture planning, code reviews, and product design.

We are seeking a customer-focused Security Analyst to join our managed services team. As a Customer-Facing Security Analyst, you will play a critical role in delivering top-notch exposure remediation services to our clients. You will work closely with customers to assess, analyze, and mitigate exposures in their IT and cloud infrastructure, while providing expert guidance and maintaining strong client relationships.

Responsibilities:

Own and manage the primary technical relationship for a portfolio of enterprise customers, establishing yourself as their trusted security advisor and focusing on strategic security outcomes.
Deliver continuous security posture assessments by leveraging the XM Cyber platform to translate complex technical findings into actionable, risk-based insights for customers.
Master the platform to drive maximum value for customers, guiding them on configuration, best practices, and new features to ensure successful adoption and ROI.
Drive remediation outcomes by acting as the liaison between customers and their internal teams (e.g., IT Operations, DevOps, Cloud Security), helping them prioritize efforts based on attack path analysis.
Proactively track and report on progress, delivering regular status updates and executive-level business reviews (QBRs) that demonstrate risk reduction and program success.
Act as a trusted advisor on exposure and attack path management, translating industry trends into proactive, tailored recommendations that enhance your customers' security posture.
Partner with the broader account team, including Customer Success Managers and Support Engineers, to ensure a seamless customer experience. Act as the lead technical escalation point to resolve complex challenges and champion customer needs with internal teams like Product and R&D.

We're looking for a Corporate Systems Administrator to own Port's internal IT systems, identity lifecycle, and governance processes as we scale globally and progress toward FedRAMP authorization.

Port is expanding rapidly into enterprise and federal markets, and we're managing an increasingly complex and sensitive SaaS and infrastructure environment. We need a leader who can build scalable processes, strengthen our security and compliance posture, and ensure our internal systems evolve to support fast, high-quality growth.

In this role, you'll partner closely with Security, GRC, Engineering, and Finance to implement best-practice controls, automate lifecycle workflows, and drive operational excellence across the company.



Who you'll work with

You'll report to the Head of IT and work closely with the CIO, Security team, GRC Program Manager, and Engineering/DevOps teams. You'll partner with business system owners across all departments to ensure governance standards are met. You'll also work with Finance on procurement and vendor management.



What you'll do
Own the IT systems & employee lifecycles - manage identity lifecycle, MDM, endpoint security, and SaaS access management across the company.
Implement and maintain GRC-related IT controls, including SSO, encryption, device posture enforcement, and centralized logging.
Collaborate with Security and GRC teams to ensure compliance with access, backup, and configuration standards.
Lead internal IT audits and manage evidence collection efforts for FedRAMP, SOC 2, and other compliance initiatives.
Partner with business system owners to uphold governance best practices and ensure systems align with security and compliance requirements.
Maintain and evolve the SaaS catalog, ensuring continuous review of ownership, access controls, and lifecycle management.
Drive the SSO roadmap, integrating the majority of our SaaS applications into a unified identity platform.
Represent IT in the SaaS procurement process to ensure tools meet governance, security, and integration standards.
Develop and scale IT governance processes, automating workflows such as new system onboarding and access provisioning.
Continuously strengthen our enterprise IT governance and security posture as the company grows.

The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Leader / Program Manager, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.

Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

We're looking for a GRC Program Manager to drive FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.

FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
What you'll do

Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
Build and maintain the compliance evidence repository and continuous monitoring program.
Manage cross-team milestones, track control implementation progress, and identify blockers.
Develop repeatable processes and frameworks to sustain compliance post-authorization.
Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
Lead internal readiness assessments and gap analyses.