דרושים » אבטחת מידע וסייבר » Cybersecurity Architect (GRC & Risk)

We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

We are looking for an experienced Cyber Security Architect (CISO Department) to join our Security Architecture team and help design, review, and guide the implementation of security controls across the organization.
The Cyber Security Architect will work closely with Security, IT, Engineering, Cloud, DevOps, Infrastructure, and business stakeholders to ensure that systems, applications, cloud services, SaaS platforms, and internal processes are designed and operated securely.
This role requires a strong combination of technical depth, risk-based thinking, practical security judgment, and the ability to translate security requirements into scalable architecture and actionable guidance.
Key Responsibilities:
Security Architecture & Risk Advisory
Design and review security architecture across enterprise systems, applications, cloud environments, SaaS platforms, infrastructure, and third-party integrations.
Define security requirements and assess architecture (including data flows, authentication models, network connectivity, APIs, and integrations) for new technologies, projects, and business initiatives.
Perform technical security reviews of systems, tools, vendors, and integrations, identifying gaps and providing practical, risk-based recommendations.
Clearly communicate security risks, business impact, and mitigation strategies to technical and non-technical stakeholders.
Act as a trusted security advisor to IT, Engineering, DevOps, Product, and business teams, balancing risk reduction with business enablement.
Identity, Access & Zero Trust
Define and improve identity and access control architecture across enterprise systems, cloud services, SaaS platforms, and internal applications.
Support implementation and improvement of controls such as SSO, MFA, conditional access, device posture, privileged access management, RBAC, and access governance.
Review authentication and authorization models for internal and external-facing applications.
Help drive Zero Trust initiatives across users, devices, applications, networks, and data.
Security Standards, Patterns & Governance
Contribute to policies and procedures related to data protection, AI usage, and secure development.
Document architecture decisions, exceptions, risks, compensating controls, and approved security patterns.
Support continuous improvement of security architecture processes, documentation, and intake workflows.
Partner with Governance, Risk & Compliance, Legal, Privacy, and Procurement teams as needed.
Security Operations & Detection Enablement
Ensure systems are designed with appropriate security logging, SIEM integration, and visibility requirements to support SOC monitoring and incident response.
Work with SOC, Detection Engineering, EDR/XDR, SIEM, and Incident Response teams to embed visibility and response requirements into architecture.
Support investigations and post-incident reviews when architecture improvements or control enhancements are required.

Power the Future with us! SolarEdge (NASDAQ: SEDG), is a global leader in high-performance smart energy technology, with over 3000 employees, offices in 34 countries, and millions of products installed in over 133 countries. Our diverse product offering comprises intelligent solar inverters, battery storage, backup systems, EV charging, and complete home energy management ecosystems. By leveraging world-class engineering capabilities and with a relentless focus on innovation, we strive to create a world where clean, green energy from the sun is the primary source of power for our homes, businesses, and just about everywhere we thrive We're looking for a Cyber Security Architect to set the technical direction for security across our entire estate — on-premises infrastructure, R&D and product engineering, and cloud. You'll own reference architectures, lead security projects end-to-end, and partner closely with infrastructure, engineering, and DevOps teams to embed security by design. This is a hands-on senior role: you're equally comfortable presenting a strategy to executives and pulling apart a threat model with engineers. What you'll do
* Design and govern security architectures that span data centers, product platforms, and cloud workloads — bringing one coherent control story across all three.
* Lead threat modeling and architectural risk assessments for major projects, translating findings into prioritized design changes.
* Define and maintain reference architectures, security patterns, and hardening baselines covering identity, network segmentation, endpoint, application, and data protection. Embed security into the SSDLC and review new product features and platform changes before they ship.
* Architect cloud landing zones, IAM, network and key management, CSPM/CWP coverage, and container/Kubernetes security.
* Mentor security engineers, brief executives, and act as the senior technical authority for security across IT, R&D, and cloud.

Country:
Israel

City:
Herzliya

our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.
Responsibilities
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

As a Senior Security Researcher you will be responsible for researching multiple domains in the Automotive, AI, API, IoT and Mobility ecosystems, work closely with our domain researchers, data-scientists, development teams, as well as work with customers to build a cutting edge cybersecurity product at Upstream.

This role is full-time and is Israel based.

Responsibilities
AI Security - research LLM and MCP based attack methods
API Security - research API vulnerabilities and attack methods.
Research the Automotive Cybersecurity ecosystem: Automotive protocols - Both in-vehicle and external vehicle communications, Vehicle Architectures, Device research - Hardware, reverse-engineering, vulnerability research.
Mobility IoT Security - research IoT protocols and devices for vulnerabilities and attack methods.
Develop cyber-attack detection techniques and methodologies.
Develop research tools and technologies.

we are looking for a Embedded Systems Vulnerability Researcher.
As an Embedded Systems Vulnerability Researcher, you will operate at the cutting edge of security projects. Your mission is to identify, exploit, and mitigate security flaws in complex hardware/software ecosystems. You will bridge the gap between the digital and analog worlds, analyzing everything from low-level firmware to the electromagnetic spectrum.
Responsibilities:
Vulnerability Discovery: Perform deep-dive security analysis and "bug hunting" on proprietary embedded systems and RTOS.
Exploit Development: Create Proof-of-Concept (PoC) exploits for identified vulnerabilities, including memory corruption, logic flaws, etc.
Firmware Analysis: Conduct static and dynamic analysis of binary blobs using advanced reverse engineering suites.
Hardware Probing: Utilize JTAG, UART, and SWD interfaces to extract firmware, monitor execution, etc.
Tooling: Develop custom scripts and tools in Python, C, C++ to automate the research and exploitation pipeline.