דרושים » אבטחת מידע וסייבר » GRC Specialist

The cyber & information security department is looking for a Security Solutions Architect to support our business and drive its growth.
As a Security Solutions Architect, you will play a pivotal role in information security department, contributing to the overall success of company. This position offers an exciting opportunity for individuals who are passionate about field and are eager to make a meaningful impact through responsibilities.
In this role, you will work closely with the IT, R&D, finance, and other departments in the company.
In this job you will have the opportunity to make big impact on the security level of the company.
What will you be doing:
Develop and lead information security strategies by defining and implementing security policies, procedures, system hardening, incident response, disaster recovery, and addressing emerging cybersecurity threats and best practices.
Ensure secure project architectures by overseeing project and system designs to meet security requirements and integrating risk analysis.
Collaborate across teams by working with development, infrastructure, and security teams to resolve issues and implement improvements.
Act as a security design authority by reviewing, approving, and providing security sign‑off on solution architectures, including threat models, trust boundaries, and architecture decision records.
Participate in strategic meetings by engaging in project steering committees and regular discussions to drive security initiatives.
Conduct security reviews and risk assessments by assessing product features, technologies, and applications to meet security standards.
Plan and design security solutions by developing solutions to identify, protect, detect, respond, and recover from cyber threats.

Were looking for a Security Response Engineer with strong expertise in Web Application security to join our Advanced Security Response Team (ASRT).
The Advanced Security Response Team is dedicated to the first response for security incidents, focusing primarily on the operational aspects of web application security. This includes analyzing threats, suggesting immediate remediation and mitigation methods, and actively working to block attacks in real time.
The scope of activities spans network layers 3, 4, and 7, covering a broad spectrum of threats. This includes defending against DoS & DDoS attacks, brute-force attempts, scraping, filtering unwanted traffic, as well as initial analysis and mitigation of application attack vectors such as XSS, SQL injection (SQLi), and remote code execution.
Another important responsibility of the ASRT is managing false positives. The team will investigate root causes of these misfires, propose optimal solutions to prevent recurrence, and apply necessary changes.
The ASRT works closely with the first-tier support team, serving as the focal point for security-related events and incidents. Additionally, the team maintains a two-way communication channel with the Threat Research team to share findings, exchange consultation, and stay updated on current security policies.
As a member of the ASR team, the specialist is expected to have a strong working knowledge of web application security and the current threat landscape, combined with in-depth familiarity with security policies and processes. Proficiency with relevant tools and methodologies is required, and continuous learning in security-related topics is encouraged.
This is a full-time position that requires weekend availability and participation in a rotating weekend shift due to the real-time nature of security response.
Key Responsibility:
Investigate and respond to active web and network-based security incidents in real time.
Apply and validate mitigations for attacks such as SQLi, XSS, and DDoS.
Troubleshoot false positives and fine-tune security policies.
Collaborate with internal teams to share findings and continuously improve detection and response.
Clearly explain security events and impacts to both technical and non-technical audiences.
Stay up to date on emerging web attack techniques and response methods.
Participate in a rotating weekend/on-call schedule to ensure 24/7 protection for our customers.