דרושים » אבטחת מידע וסייבר » GRC Specialist

Are you ready to evolve from a GRC Specialist into a strategic leader? We are looking for a high-potential GRC Specialist to join Fiverr. As a GRC at Fiverr you will be responsible for aligning Fiverr’s security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.


What am I going to do?:

* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.


Equal opportunities:
At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

We are looking for a Security Lead to join our companys R&D organization, taking a central, cross-functional role in shaping the security posture of our products. This role combines deep hands-on expertise with cross-organizational leadership, working closely with senior leaders to shape and implement security strategy across all product lines. You will lead end-to-end security initiatives, influence engineering practices at scale, and play a critical role in ensuring our products meet the highest security standards.
Key Responsibilities
Lead security in the R&D organization by professionalism and cooperation across our company
Maintain and develop the Secure Development Life Cycle of all our companys Products Organization, work with R&D, QA, Sales, Support, external researchers, and customers to make the cyber landscape a safer place.
Conduct architectural security reviews and threat modeling for R&D
Full triage for our company's VDP and BBP reports, including analyzing reports, calculating severities and communications with reporters.
Define and develop security training to implement cross organization
Be a first responder in security incidents, including leading and defining actions to resolution
Manage and monitor our company's SCA, SAST, DAST tools.

As a Security Support Specialist you will be tasked with driving operational security excellence within Data Centers while working with partner teams and leaders. The ideal candidate will manage communications and provide services as required. You will assist with electronic surveillance and access control requests, assisting Data Centre Security Managers streamline efficiency. You will write and implement security process and procedures. Your position will require you to extract metrics and observe improvements by looking at data. The successful candidate must have a proven track record of customer service, possess excellent verbal and written communication skills, and demonstrate good judgment and critical thinking.
An ideal candidate for this role will be able to work at all levels, from the theoretical knowledge of physical security principles to the practical application and real-world implementation of processes and measures. You should have a proven record of accomplishment in operations room/centre dispatching, data centre security operations, physical security, customer service; and the ability to multi-task.

Key job responsibilities:
You will manage a chat queue, phone communications, generate and/or manage trouble tickets, handle incoming chats, and provide support to customers.
Drive security awareness campaigns aimed at enhancing security vigilance and effectiveness.
You will manage workflow ticketing and extraction/development of performance metrics.
Configure physical security devices including cameras, readers, and panels.
Support daily operational security across a data centre campus.
Distil overarching security strategy into daily tactics to reach management goals.
Coordinate day-to-day activities and site security operations.
Coordinate with operations teams across a number of business units
Provide guidance and leadership across a number of team programs.
Building Partnerships through networking and innovation.
Extract metrics and seeking improvements by analyzing data and trends in order to influence positive change through targeted proactive incentives.
Verify Data Center security programs are delivered to meet defined global security standards
Assist in all media integrity related programs and activities
Assist in the training of new and existing personnel regards to compliance to security policies and procedures.
Handle escalations and resolve tasks delegated and/or assigned to the team.
Draft reports and prepare presentations on the status of physical security operations.
Collaborate with managers in writing and implementing security policies, processes and procedures based on regional or global security initiatives.
Serve as a customer advocate by identifying security-related opportunities and crafting innovative solutions that maintain uncompromising security standards
Participate in site audits, inspections.
Identifying, discussing and bringing forward issues and solutions to senior team members so to raise the security bar.

The Security & Information team is looking for someone who is passionate about technology and has a roll-up-their-sleeves mentality to join our global team. Youll play a crucial role in enhancing our security infrastructure, improving networking, ensuring scalability, and maintaining strong security as we continue to grow. If you want to be an industry leader, on a team experiencing hyper-growth, look no further!
Responsibilities :
Lead the design and implementation of AI-driven detection and response strategies to automate complex security investigations.
Operates as the primary escalation point for critical security alerts, performing deep-dive DFIR investigations, analyzing attacker techniques and vectors, proactively hunting threats, and directing incident response activities.
Lead SecOps projects from inception to execution, ensuring effective implementation and ongoing maintenance
Research how to leverage security telemetry and existing security solutions to improve triage and automated response.
Work cross-functionally to refine and evolve agentic workflows that drive automated security operations.
Coordinate investigation, containment, and other response activities with business stakeholders and groups.
Perform hands-on forensic investigations, log reviews, cloud investigations, and root-cause analysis
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.

Were looking for a Pentest Product Associate to join our Product team and help expand the power of our company.
In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.
You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.
WHAT YOULL DO
Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the company DAST engine.
Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning our company as the market leader in vulnerability management.

we are looking for a Product Security Engineer.
Responsibilities:
Own, maintain, and continuously improve the Secure Design Review process, ensuring security considerations are integrated early in the development lifecycle.
Develop, implement, and maintain Zenitys Application Security Program, including controls, standards, developer enablement, and automation.
Manage SAST and DAST tooling, including configuration, integrations, alerting, developer workflows, and program-wide reporting.
Monitor and enforce SDLC security controls, ensuring consistent application of secure development practices across all engineering teams.
Develop and maintain Zenitys Cloud Security Program, defining guardrails, policies, and automated controls for secure-by-default cloud deployments.
Manage CSPM tooling, including configuration, findings triage, reporting, and alignment with internal risk and compliance processes.
Partner with DevOps to design, implement, and maintain a fully secured CI/CD pipeline, ensuring that security checks, guardrails, and automated gates are embedded throughout build, test, and deployment stages.
Collaborate closely with engineering teams to deliver actionable guidance, model threats, advise on architecture, and support secure implementations.
Drive automation-first approaches to product and cloud security, reducing friction and enabling fast, safe development.
Define and track KPIs, metrics, and reporting for application and cloud security health.
Identify gaps in product, application, and cloud security posture and drive end-to-end remediation plans.
Promote a culture of security and developer empowerment by delivering clear, pragmatic, and scalable guidance.

As the Senior Knowledge Engineer, you will be the designer of a system that treats global infrastructure as a formal graph, where every node and edge is traced back to a versioned source of truth. This role is a part of the Product CTO organisation that includes a team of Technical Strategy leaders that bring outstanding ideas, the ability to execute cross functionally, and teamwork to a strategic, high future impact organisation.

The Vision:

The security industry is drowning in observed symptoms while starving for attestable truth. At CrowdStrike, we are building a high integrity infrastructure fabric - a platform that doesnt just scan for risks, but proves them through a deterministic digital twin of the enterprise.

The Challenge Youll Solve: How do you build a robust extensible framework that can connect to hundreds of different APIs, from mainstream cloud providers to niche security tools? How do you write the code that can parse and normalise their widely different schemas and data formats, and then efficiently map them into a canonical graph model? This is your build.

What You'll Do:
Build our Universal Translator Framework: You will be the primary builder of our data ingestion and semantic transformation pipelines. You will design and implement the core framework and specific connectors to parse API schemas and transform raw data into our canonical model.

Architect the Knowledge Construction Engine: You will implement the systems that turn data into knowledge. This includes building the code generators that compile our team's high level mapping configurations into low level artifacts, and developing the software for our entity resolution engine to fuse disparate data into unified conceptual entities.

Data Quality & Validation Strategy: You will contribute to a multi-backend graph architecture optimized for both real time temporal state and deep multihop path analysis.

Work Crossfunctionally: Work closely with the Principal Ontologist, Asset Platform, Risk Platform, Ingest, and Design Teams.

Lead, Mentor, and Align: Guide a diverse team of engineers, taxonomists, and subject matter experts in distilling vendor specific noise into a unified topography of risk.

Provide support to the wider CTO organization including the Falcon Fund, Privacy & Cyber Policy, Data Science and Detection Architecture teams, as well as the broader CrowdStrike organization as needed.

Work with industry analysts to provide product updates, briefings, and demonstrations.

We're looking for a security practitioner who wants to go deeper than monitoring dashboards and triaging alerts. Someone who understands what good detection looks like, knows their way around a SIEM, and isn't afraid to roll up their sleeves with APIs and automation. You'll be the bridge between the security products our customers already trust and the our company platform that validates whether those products are actually doing their job.

Opportunity Highlights
Our integrations team is responsible for connecting our company with the security products that make up enterprise defense stacks worldwide - EDR and XDR platforms, SIEMs, vulnerability management tools, threat intelligence platforms, email security products, and cloud security solutions.

You'll own the full lifecycle of these integrations: building new ones, keeping existing ones healthy, and setting up realistic lab environments that mirror what our customers actually run. When something breaks in the field (or can't be reproduced internally) you'll be the one figuring it out.

You won't be doing this alone. You'll work closely with our Product, Engineering, and Security teams, and you'll have access to modern AI-powered development tools that let you move fast without sacrificing quality.

The Impact You Will Have

Design, build, and maintain integrations with leading third-party security products
Own the full lifecycle of existing integrations - maintenance, bug fixes, upgrades, and reliability improvements
Research vendor APIs, authentication flows, event schemas, and product capabilities to unlock new integrations
Translate complex security telemetry into normalized, actionable data
Build and maintain lab environments that mirror real enterprise security deployments
Reproduce field scenarios, validate detections, and troubleshoot integration behavior end-to-end
Investigate issues in customer-like environments when they can't be reproduced internally
Continuously evaluate new security technologies and identify integration opportunities
Use modern AI-driven development tools to accelerate delivery and improve quality