דרושים » אבטחת מידע וסייבר » GRC Specialist

Are you ready to evolve from a GRC Specialist into a strategic leader? We are looking for a high-potential GRC Specialist to join Fiverr. As a GRC at Fiverr you will be responsible for aligning Fiverr’s security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.


What am I going to do?:

* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.


Equal opportunities:
At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

looking for a Compliance Analyst to join the CISO team. Reporting to the GRC Team Leader, you will fulfill an essential role, joining the team in accomplishing important Compliance projects, ensuring that all systems and products are safe and meet the required standard.

What will you actually be doing?
Track enterprise compliance across multiple security frameworks including security, privacy and AI frameworks (ISO, SOC, etc) and maintain up-to-date records of requirements and corresponding mitigating controls.

Continuous monitoring of internal security processes to ensure compliance, and liaise with IT and business stakeholders to confirm current security arrangements and maintain systems security process.

Assist with the education and awareness programs to promote security and privacy in the company.

Creatively overcome obstacles so that the Compliance Controls will continuously operate alongside the business activities.

Review proposed changes on an ongoing basis to determine the impact on security and privacy.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

We are looking for a Security Lead to join our companys R&D organization, taking a central, cross-functional role in shaping the security posture of our products. This role combines deep hands-on expertise with cross-organizational leadership, working closely with senior leaders to shape and implement security strategy across all product lines. You will lead end-to-end security initiatives, influence engineering practices at scale, and play a critical role in ensuring our products meet the highest security standards.
Key Responsibilities
Lead security in the R&D organization by professionalism and cooperation across our company
Maintain and develop the Secure Development Life Cycle of all our companys Products Organization, work with R&D, QA, Sales, Support, external researchers, and customers to make the cyber landscape a safer place.
Conduct architectural security reviews and threat modeling for R&D
Full triage for our company's VDP and BBP reports, including analyzing reports, calculating severities and communications with reporters.
Define and develop security training to implement cross organization
Be a first responder in security incidents, including leading and defining actions to resolution
Manage and monitor our company's SCA, SAST, DAST tools.

As a Security Support Specialist you will be tasked with driving operational security excellence within Data Centers while working with partner teams and leaders. The ideal candidate will manage communications and provide services as required. You will assist with electronic surveillance and access control requests, assisting Data Centre Security Managers streamline efficiency. You will write and implement security process and procedures. Your position will require you to extract metrics and observe improvements by looking at data. The successful candidate must have a proven track record of customer service, possess excellent verbal and written communication skills, and demonstrate good judgment and critical thinking.
An ideal candidate for this role will be able to work at all levels, from the theoretical knowledge of physical security principles to the practical application and real-world implementation of processes and measures. You should have a proven record of accomplishment in operations room/centre dispatching, data centre security operations, physical security, customer service; and the ability to multi-task.

Key job responsibilities:
You will manage a chat queue, phone communications, generate and/or manage trouble tickets, handle incoming chats, and provide support to customers.
Drive security awareness campaigns aimed at enhancing security vigilance and effectiveness.
You will manage workflow ticketing and extraction/development of performance metrics.
Configure physical security devices including cameras, readers, and panels.
Support daily operational security across a data centre campus.
Distil overarching security strategy into daily tactics to reach management goals.
Coordinate day-to-day activities and site security operations.
Coordinate with operations teams across a number of business units
Provide guidance and leadership across a number of team programs.
Building Partnerships through networking and innovation.
Extract metrics and seeking improvements by analyzing data and trends in order to influence positive change through targeted proactive incentives.
Verify Data Center security programs are delivered to meet defined global security standards
Assist in all media integrity related programs and activities
Assist in the training of new and existing personnel regards to compliance to security policies and procedures.
Handle escalations and resolve tasks delegated and/or assigned to the team.
Draft reports and prepare presentations on the status of physical security operations.
Collaborate with managers in writing and implementing security policies, processes and procedures based on regional or global security initiatives.
Serve as a customer advocate by identifying security-related opportunities and crafting innovative solutions that maintain uncompromising security standards
Participate in site audits, inspections.
Identifying, discussing and bringing forward issues and solutions to senior team members so to raise the security bar.

The Security & Information team is looking for someone who is passionate about technology and has a roll-up-their-sleeves mentality to join our global team. Youll play a crucial role in enhancing our security infrastructure, improving networking, ensuring scalability, and maintaining strong security as we continue to grow. If you want to be an industry leader, on a team experiencing hyper-growth, look no further!
Responsibilities :
Lead the design and implementation of AI-driven detection and response strategies to automate complex security investigations.
Operates as the primary escalation point for critical security alerts, performing deep-dive DFIR investigations, analyzing attacker techniques and vectors, proactively hunting threats, and directing incident response activities.
Lead SecOps projects from inception to execution, ensuring effective implementation and ongoing maintenance
Research how to leverage security telemetry and existing security solutions to improve triage and automated response.
Work cross-functionally to refine and evolve agentic workflows that drive automated security operations.
Coordinate investigation, containment, and other response activities with business stakeholders and groups.
Perform hands-on forensic investigations, log reviews, cloud investigations, and root-cause analysis
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.

Were looking for a Pentest Product Associate to join our Product team and help expand the power of our company.
In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.
You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.
WHAT YOULL DO
Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the company DAST engine.
Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning our company as the market leader in vulnerability management.

we are looking for a Product Security Engineer.
Responsibilities:
Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
Develop, implement, and maintain Zenitys Application Security Program, including controls, standards, developer enablement, and automation.
Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
Develop and maintain Zenitys Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
Define and track KPIs, metrics, and reporting for application and cloud security health.
Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.

We are seeking a seasoned security leader to manage a high-caliber research team focused on the security of Identity, SaaS, and Cloud ecosystems. In this role, you will provide technical mentorship and strategic vision, guiding research into service risk profiling and adversarial TTPs analysis. You will be the bridge between cutting-edge research and product innovation, ensuring our findings translate into high-impact security outcomes to stay ahead of modern adversaries.
Key Responsibilities
Define the research roadmap for Identity, SaaS, and Cloud risks, ensuring the team's outputs align with the evolving threat landscape and company goals.
Lead and grow a diverse team of security researchers, providing the technical guidance and career development necessary to maintain a world-class research organization.
Leverage your experience in a product-focused environment to ensure research outcomes directly influence service security strategies and customer-facing solutions.
Oversee the execution of high-fidelity attack simulations and TTP deconstruction, ensuring the 'how-to' of secure service usage is clearly defined and actionable.
Partner with Engineering, Product Management, and Threat Intel teams to transform raw research into robust mitigation strategies and resilient service blueprints.
Represent the team's research internally and externally, positioning the organization as a premier authority on Identity-centric and Cloud security.

Were looking for driven and talented people like you to join our team and our mission to change the future of cloud security. Ready to dive in and swim with our pod?
As the Head of Research, you will lead Securitys threat-research, security-innovation, and vulnerability-discovery efforts. You will define the strategy for how we uncover threats, identify novel attack vectors, influence product direction, and contribute thought leadership to the cybersecurity community. You will manage and grow a team of world-class researchers, work closely with product, engineering and go-to-market teams, and ensure our research remains cutting-edge, rigorous and impactful. This role emphasizes strong people leadership and cross-functional execution, alongside technical depth and hands-on research judgment.
What youll do :
Develop, own and evolve the research strategy by defining high value focus areas (for example misconfigurations, identity threats, workload vulnerabilities, and emerging attack techniques), and ensure alignment with product roadmap and business objectives.
Lead, coach, and mentor a multidisciplinary research team (researchers, threat analysts, and engineers).
Build a healthy, high-performing org, including hiring, onboarding, and performance management.
Partner closely with product and engineering leadership to turn research insights into concrete roadmap items, detection logic, and customer value.
Drive discovery of new vulnerabilities, attack techniques, or adversary behaviors across cloud and modern infrastructure environments (for example containers, serverless, data stores, IAM).
Define metrics for research impact (for example vulnerabilities discovered, time to validate and operationalize new findings, research-driven product improvements, external reach).
Establish and maintain external partnerships (industry peers, academic groups, independent researchers) to expand capabilities and pipeline.
Publish and present research findings (blog posts, white papers, conference talks).
Lead vulnerability disclosure and responsible communications.
Ensure the research function has the right infrastructure and processes (tooling, sandboxes, repeatable experimentation, documentation standards).
Stay current with the threat landscape, emerging technologies, attacker tradecraft, and relevant compliance or regulatory shifts.