דרושים » אבטחת מידע וסייבר » Cybersecurity Architect (GRC & Risk)

At our company, we move fast. Were an ultra-collaborative company with brilliant people who care deeply about the details. Together, were solving interesting and complex puzzles to keep the worlds data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Job Overview:
We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.
Responsibilities
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

As a Senior Security Researcher you will be responsible for researching multiple domains in the Automotive, AI, API, IoT and Mobility ecosystems, work closely with our domain researchers, data-scientists, development teams, as well as work with customers to build a cutting edge cybersecurity product at Upstream.

This role is full-time and is Israel based.

Responsibilities
AI Security - research LLM and MCP based attack methods
API Security - research API vulnerabilities and attack methods.
Research the Automotive Cybersecurity ecosystem: Automotive protocols - Both in-vehicle and external vehicle communications, Vehicle Architectures, Device research - Hardware, reverse-engineering, vulnerability research.
Mobility IoT Security - research IoT protocols and devices for vulnerabilities and attack methods.
Develop cyber-attack detection techniques and methodologies.
Develop research tools and technologies.

We are looking for a highly motivated SOC/NOC Analyst to join our operations and security team. This role is responsible for monitoring, detecting, analyzing, and responding to security and network events across the organizations infrastructure and production environments.
The SOC/NOC Analyst will play a key role in maintaining service availability, identifying threats, investigating incidents, and ensuring timely escalation and resolution of operational and security issues. The ideal candidate is detail-oriented, analytical, and able to work effectively in a fast-paced, 24/7 environment.
Key Responsibilities :
Monitor security and network events using SIEM, monitoring, and alerting platforms.
Investigate alerts, anomalies, and incidents related to infrastructure, systems, applications, and network activity.
Perform first-level triage, validation, categorization, and escalation of security and operational incidents.
Respond to incidents involving suspicious activity, service disruption, connectivity issues, unauthorized access attempts, and infrastructure abnormalities.
Open, track, and update incidents in the ticketing system, ensuring accurate documentation and timely resolution.
Support incident response activities, including containment, evidence gathering, and post-incident analysis.
Monitor network performance, uptime, connectivity, and service health across production environments.
Assist in vulnerability management, log analysis, and security control validation.
Maintain runbooks, knowledge base articles, and operational documentation.
Contribute to process improvement initiatives to enhance monitoring coverage, response quality, and operational resilience.
Additional Notes :
This role requires shift-based work as part of a 24/7 monitoring and response function.

we are looking for a Senior Low-Level Security Researcher.
As an Embedded security researcher, you will be dealing with:
Embedded systems reverse engineering.
Kernel drivers research and development.
Real-time Embedded End-to-End Low-Level software developments on various unique embedded platforms and environments.

we are looking for a Senior Vulnerability Researcher.
As a vulnerability researcher, your main focus will be on vulnerability discovery and exploitation of most prominent OS`s in the market, and on various challenging platforms.

Required Vulnerability Researcher
Want to make an instant impact?
Be a part of the top cyber research teams in the industry and make the world a better place!
As a Vulnerability Researcher, you will be:
Work with top-notch researchers using the latest technologies
Research low-level mechanisms, finding vulnerabilities and circumventing modern mitigation techniques
Our perks:
A competitive compensation package
Hybrid and flexible
Multiple career advancement opportunities
Incredible benefits.