We are seeking a skilled and experienced InfoSec & SecOps Lead to join our company (Formerly ActiveFence) CISO team. The ideal candidate will be responsible for driving the security initiatives.
Responsibilities:
Maintain holistically security corporate architecture and Hardening, including network, systems, applications. Evaluate and implement security remediations to enhance the organization security posture.
Corporate Security: Oversee security measures, including access control, surveillance, and emergency response planning. Manage relationships with external security vendors related to TPRM and IR.
Experience among others on SSPM/SaaS security, IDP, SIEM/SOC, Including conducting threat modeling exercises to identify potential vulnerabilities and risks where required.
Security Operations: Oversee the day-to-day security operations, including monitoring, incident response, Analyze security logs and alerts to identify & respond to security incidents. Conduct regular security assessments and manage the remediations program. Develop and maintain an effective incident response plan.Conduct post-incident reviews to identify lessons learned and improve future response efforts.
Experience with Vulnerability Management: Identify, prioritize vulnerabilities. Monitor and track vulnerability remediation efforts.
Collaborate with other teams within the organization to ensure the overall security posture is maintained. This may include working with IT, Devops, R&D, G&A to implement security policies and technical security procedures. Including all business units, educate employees on security best practices.
AI Governance: Partner with Business Units to create safe-use guardrails for AI. Conduct security reviews for internal AI implementations, ensuring adherence to frameworks like the OWASP Top 10 for LLMs.
Data Driven Metrics: Develop automated dashboards that track real-time security health, focusing on MTTR and reducing manual "toil" for the Security.
Requirements: Must Have-
Security Automation & Orchestration: Proven ability to transition from manual SOC workflows to Automated Incident Response. You must have hands-on experience building playbooks that automate repetitive tasks.
AI-Driven Threat Detection: Experience leveraging AI/ML capabilities within modern stacks (e.g., Coralogix/Splunk anomaly detection or Okta Identity Threat Protection) to identify "low and slow" attacks that bypass traditional signature based rules.
Secure AI Adoption: Foundational knowledge of securing LLMs and Generative AI tools. Ability to evaluate risk in the AI supply chain.
Bachelor's degree in Computer Science, Information Security, or a related field.
4+ years of Infosec & Secops Hands-On experience, among others in the start-up and fully cloud based industries.
Strong Experience among others with Okta, Adaptive Shield/Astrix, Coralogix/Splunk, Endpoint security, Network security, and similar security tools.
Expertise in security technologies, WAF, endpoint security solutions. Knowledge of cloud security and cloud-based security tools
Experience with cloud platforms (AWS, GCP).
Strong understanding of security frameworks and standards (e.g., NIST, CIS). Experience with security incident response and investigation.
Strong understanding of security principles, risk assessments, vulnerability management.
Knowledge of security orchestration, automation, response tools.
Ability to work effectively in a team environment. Excellent written and verbal communication skills.
Excellent analytical & problem solving skills. Strong communication & interpersonal skills.
Must be able to work independently and as part of a team. This position may require occasional on-call or after-hours work.
Advantage:
Relevant certifications such as CISSP, CISM, CEH, CompTIA Security+,SSCP preferred.
Familiarity with scripting languages (Python, NodeJs) and automation tools.
This position is open to all candidates.