דרושים » אבטחת מידע וסייבר » Penetration testing specialist- 2579

Were looking for a Pentest Product Associate to join our Product team and help expand the power of our company.
In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.
You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.
WHAT YOULL DO
Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the company DAST engine.
Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning our company as the market leader in vulnerability management.

our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

Were looking for a highly skilled Application Security Researcher to join our Security Research group and help us push the boundaries of modern AppSec. This is a critical, hands-on role where youll work closely with engineers, researchers, and AI & data scientists to build the next generation of application security - including autonomous, agentic pentesting capabilities.
This is not a typical AppSec role. Youll be building, breaking, and redefining how offensive security works at scale.
What Youll Be Doing:
Design and build detection engines and decision-making logic for autonomous security systems
Develop new classes of automated attacks leveraging deep application and infrastructure context
Conduct advanced research on chaining vulnerabilities, logic flaws, and complex attack paths
Prototype, build, and ship security capabilities into production environments
Collaborate with Product, Engineering, and Data teams to shape next-gen security features
Analyze large-scale data to identify attack opportunities and improve detection accuracy
Actively contribute to research direction, ideation, and innovation within the team

We are seeking a dynamic and experienced Threat Hunter to lead proactive cybersecurity efforts by uncovering hidden threats across our environment. In this role, you will drive hypothesis-based hunting, perform deep analysis and validation of security telemetry, investigate suspicious network activity, and continuously improve threat detection and response.
You will also assess CVE relevance and exploitability to prioritize real-world risk, and leverage threat intelligence feeds and enrichment pipelines to enhance hunting context, detection accuracy, and response effectiveness.
If you thrive in a fast-paced environment and are excited about pushing the boundaries of cybersecurity, we want to hear from you.
Responsibilities:
Apply data analytics to analyze security-related network data, uncover actionable threat intelligence, detect anomalies and malicious behavior, and automate findings into an enhanced detection system.
Leverage current cybersecurity knowledge to interpret and contextualize findings, enabling informed decision-making and proactive measures to strengthen overall cybersecurity defenses.
Work closely with Product and Engineering to translate threat intelligence into product strategy, prioritized features, and defensive enhancements.
Monitor and analyze the latest vulnerabilities, CVEs, exploits, and threat actor TTPs, with a focus on techniques relevant to microsegmentation, identity security, lateral movement, and internal reconnaissance.
Integrate external threat feeds and intelligence sources into our product - including normalization, enrichment, classification, and validation of feed relevance.
Contribute to detection logic, threat models, and internal tooling that turn intelligence into prevention and protection.
Provide on-the-fly support during customer incident response events and penetration testing exercises by leveraging expertise to promptly detect and block security threats.

The Security & Information team is looking for someone who is passionate about technology and has a roll-up-their-sleeves mentality to join our global team. Youll play a crucial role in enhancing our security infrastructure, improving networking, ensuring scalability, and maintaining strong security as we continue to grow. If you want to be an industry leader, on a team experiencing hyper-growth, look no further!
Responsibilities :
Lead the design and implementation of AI-driven detection and response strategies to automate complex security investigations.
Operates as the primary escalation point for critical security alerts, performing deep-dive DFIR investigations, analyzing attacker techniques and vectors, proactively hunting threats, and directing incident response activities.
Lead SecOps projects from inception to execution, ensuring effective implementation and ongoing maintenance
Research how to leverage security telemetry and existing security solutions to improve triage and automated response.
Work cross-functionally to refine and evolve agentic workflows that drive automated security operations.
Coordinate investigation, containment, and other response activities with business stakeholders and groups.
Perform hands-on forensic investigations, log reviews, cloud investigations, and root-cause analysis
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.
Responsibilities
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

we are looking for highly capable Incident Response Expert. The Incident Response Expert role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the clients IT and security teams.
Main Responsibilities:
Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.
Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.
Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.
Utilize and develop tools and methodologies to improve existing investigative and hunting technological stack.
Collaborate with IT and Security teams during investigations.
Generate and present a comprehensive and professional report of findings from investigations.

We are looking for a Security Lead to join our companys R&D organization, taking a central, cross-functional role in shaping the security posture of our products. This role combines deep hands-on expertise with cross-organizational leadership, working closely with senior leaders to shape and implement security strategy across all product lines. You will lead end-to-end security initiatives, influence engineering practices at scale, and play a critical role in ensuring our products meet the highest security standards.
Key Responsibilities
Lead security in the R&D organization by professionalism and cooperation across our company
Maintain and develop the Secure Development Life Cycle of all our companys Products Organization, work with R&D, QA, Sales, Support, external researchers, and customers to make the cyber landscape a safer place.
Conduct architectural security reviews and threat modeling for R&D
Full triage for our company's VDP and BBP reports, including analyzing reports, calculating severities and communications with reporters.
Define and develop security training to implement cross organization
Be a first responder in security incidents, including leading and defining actions to resolution
Manage and monitor our company's SCA, SAST, DAST tools.

About us Think about literally anything in your house. Your shirt. Your phone. That random IKEA wrench thingamabob you still haven’t thrown away. Odds are, it all came from somewhere else. Freight is the invisible magic trick that makes the global economy work. And we’re the ones helping it work a little bit faster, smarter, and cheaper. Freightos (Nasdaq: CRGO) is the global booking and payment platform for the trillion-dollar freight industry. Hundreds of airlines and ocean liners, thousands of freight companies, and over ten thousand importers and exporters use our platform to move goods around the world faster and more efficiently. This matters. Efficient freight ultimately makes things cost a little bit less when you buy them in the store. We’ve been on a rocketship (freight ship?) of double-digit growth for years, and we’re nowhere near done. About the Role We are looking for a hybrid powerhouse - a DevSecOps. In this role, you will be the "Ghostbuster" of our systems, an elite specialist who ensures our platform is not only lightning-fast and reliable, but also hardened against any digital threat. You are the kind of person who locks every back door behind you while keeping the gate always open for customers worldwide. Responsibilities:
* Lead security architecture and design reviews to ensure new systems and platforms meet security, reliability, and scalability requirements.
* Develop, implement, and enforce technical security standards, secure baseline configurations, and infrastructure hardening guidelines.
* Own the reliability, availability, performance, and security of production systems across the organization.
* Design, implement, and optimize secure and scalable CI/CD pipelines, integrating security practices throughout the SDLC.
* Build and maintain automation tools and operational processes to improve deployment efficiency, system stability, and security posture.
* Enhance security and observability by implementing and managing monitoring, logging, alerting, and SIEM solutions across distributed systems.
* Lead and participate in incident response activities, including threat monitoring, on-call support, and continuous improvement of operational readiness processes.
* Conduct security assessments, vulnerability management, and compliance audits to identify and remediate risks.
* Promote a security-first engineering culture by mentoring teams on secure coding, infrastructure, and deployment best practices.
* Stay current with emerging threats, vulnerabilities, attack vectors, and industry best practices, and proactively integrate improvements into engineering and security processes.
* Participate in the on-call rotation , with availability to support a global environment.

Hybrid:
Yes