לוח משרות דרושים הייטק אבטחת מידע / סייבר בהרצליה

we are seeking a Cybersecurity Architect (GRC & Risk) to join our cybersecurity architecture team. In this role, you will lead security governance, risk, and control assessments, conduct third-party due diligence, support maturity assessments, and drive mitigation and architectural review processes. Youll work closely with CISOs, security leaders, engineering teams, and customers to develop risk-focused methodologies and improve security frameworks. This position is best suited for candidates with a technical GRC, risk, or security assessment background who excel in analysis, interpretation, and structuring of security information.

Responsibilities
Lead customer third‑party security due diligence assessments.
Lead mitigation workshops to translate penetration test and assessment findings into prioritized remediation workplans.
Perform security maturity assessments, including reviews of organizational policies, standards, procedures, and governance practices, aligned with the NIST CSF 2.0 cybersecurity framework.
Develop and refine security methodologies, processes, and architectural guidance.
Maintain internal documentation and ensure alignment between frameworks, processes, and practical implementation.
Analyze technical findings and map them to governance, risk, and control gaps.
Produce clear, structured reports and executive‑ready summaries for technical and non‑technical audiences.

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.
Responsibilities
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

As a Senior Security Researcher you will be responsible for researching multiple domains in the Automotive, AI, API, IoT and Mobility ecosystems, work closely with our domain researchers, data-scientists, development teams, as well as work with customers to build a cutting edge cybersecurity product at Upstream.

This role is full-time and is Israel based.

Responsibilities
AI Security - research LLM and MCP based attack methods
API Security - research API vulnerabilities and attack methods.
Research the Automotive Cybersecurity ecosystem: Automotive protocols - Both in-vehicle and external vehicle communications, Vehicle Architectures, Device research - Hardware, reverse-engineering, vulnerability research.
Mobility IoT Security - research IoT protocols and devices for vulnerabilities and attack methods.
Develop cyber-attack detection techniques and methodologies.
Develop research tools and technologies.

Required Vulnerability Researcher
Want to make an instant impact?
Be a part of the top cyber research teams in the industry and make the world a better place!
As a Vulnerability Researcher, you will be:
Work with top-notch researchers using the latest technologies
Research low-level mechanisms, finding vulnerabilities and circumventing modern mitigation techniques
Our perks:
A competitive compensation package
Hybrid and flexible
Multiple career advancement opportunities
Incredible benefits.

Required Detection & Incident Response Team Lead
As a Detection & Incident Response Team Lead, you will:
Lead detection, investigation and mitigation of cybersecurity incidents, including deep network traffic and data analysis
Develop and maintain scripts for data parsing, packet analysis and correlation across multiple data sources
Leverage open-source tools and frameworks to support threat attribution and research
Build and maintain integrations with APIs, threat-intel feeds and big-data platforms to enhance visibility and detection capabilities
Document research findings, detection methods and analysis techniques for technical and non-technical stakeholders.

Required Network and Security Engineer
As a Network and Security Engineer, you will:
Design, implement and manage complex enterprise networks (LAN, WAN and WLAN)
Configure and maintain switches, routers and layer 3 devices from major vendors
Deploy and manage network security solutions, including firewalls, WAFs and load balancers
Monitor network performance and proactively resolve performance bottlenecks and security risks
Troubleshoot complex routing and switching issues (OSPF, BGP, EIGRP, VLANs and VRFs)
Maintain documentation and diagrams for network architecture and configurations.

Required Security Researcher
As a Security Researcher, you will:
Be a part of the OPSEC department which is in charge of research, design, development and enforcement of advanced OPSEC solutions
Be in charge of the operational security research of a cyber intelligence product
Your role will include: Researching OS internals, deconstructing of applications, architecture reviews and red-team tests
Define product requirements, alert mechanisms, working procedures and more.

Required Security Researcher
As a Security Researcher, you will:
Be a part of the OPSEC department which is in charge of research, design, development and enforcement of advanced OPSEC solutions.
Be in charge of the operational security research of a cyber intelligence product
Advanced analysis of operating system internals, including binary and architectural evaluation, security testing and exploit mitigation research
Define product requirements, alert mechanisms, working procedures and more.

Required SOC Analyst Tier 1
As a SOC Analyst Tier 1, you will:
Work in shifts 247, including weekends and holidays
Proactively hunt and monitor cyber threats
Analyze raw data, traffic and TTPs to maintain a dynamic comprehensive threat model
Develop a dashboard to handle security alerts and incidents
Work with forensic tools.

our Security team is looking for a highly skilled and security-savvy Application Security Engineer to lead our product and application security efforts. In this role, you will drive security design, ensure secure coding practices, and validate our services and environments against the highest security standards.
You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.
The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.
What you'll do:
Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams

As an AI Security Research Intern in the Autonomous Attack Disruption team, you will join the frontlines of our Defender's mission to stop attacks in near real-time. Under the mentorship of experienced researchers, use AI to analyze real-world attacker TTPs and build systems that autonomously detect and disrupt attacks before adversaries reach their goals, including agentic pipelines and LLM-based threat analysis.

This role requires  a blend of applied security research expertise, AI fundamentals, and engineering skills to deliver production-ready protection at a global scale. This is your chance to see your  AI-powered research transformed into autonomous defense systems that protects millions of users.

Responsibilities
Investigate real-world advanced attacker TTPs and apply AI techniques (LLMs, agentic workflows) to support the development of high-fidelity, AI-augmented protection logic across complex cross-domain kill-chains.
Apply security expertise combined with AI-driven methods to analyze massive telemetry sets using big-data query languages (KQL) and AI-driven analysis, reasoning over data to identify novel malicious patterns and engineer evidence-based detection rules.
Contribute to the design and implementation of AI-powered capabilities that autonomously disrupt sophisticated threats in near real-time.
Assist in the refinement of protection coverage by analyzing real-world attack telemetry to improve the accuracy and performance of existing detection logics. 
Contribute to a strategic feedback loop by documenting findings from attack data analysis to improve overall protection logic and system-wide security posture. 
Partner with engineering, product, and other research teams to translate research insights into production-ready AI systems, helping to validate protection concepts, from prompt engineering to model evaluation, and ship them at a global scale.
Explore and prototype with emerging AI tools and frameworks to accelerate security research workflows and build reusable AI-driven research tooling.

At our company, we move fast. Were an ultra-collaborative company with brilliant people who care deeply about the details. Together, were solving interesting and complex puzzles to keep the worlds data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Job Overview:
We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

At our company, we move fast. Were an ultra-collaborative company with brilliant people who care deeply about the details. Together, were solving interesting and complex puzzles to keep the worlds data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Responsibilities  
Research for new security issues/vulnerabilities in Cloud Environments & SaaS Applications.
Write proof-of-concept, threat detections, and analytical algorithms.
Analyze logs and behavior of user activities on Cloud Environments & SaaS Applications.
Hunt threat actors & insider threats.
Conduct advanced vulnerability research to deepen platforms understanding, strengthen product security, and responsibly share knowledge with the security community.
Collaboration with R&D groups within the company to implement your latest research.
Evaluate and recommend steps to harden customer's Cloud Environments & SaaS Applications.
Optimizing existing algorithms to reduce false positives and increase the value of our products.
Writing cyber security-oriented blogs and publications.
Follow and evaluate new security threats, attack vectors, and technologies.

PlaxidityX is looking for a brilliant Security Researcher to join our elite team. In this role, you will combine offensive research with product innovation. You will conduct in-depth research and penetration testing on Automotive ECUs , uncovering vulnerabilities at both the hardware and software levels. Additionally, you will act as the 'Red Team' for our vehicle protection systems , simulating sophisticated attacks to ensure our detection capabilities stay ahead of global threats.
?What You’ll Do: ECU & Low-Level Research: Conduct deep-dive security research into Automotive Electronic Control Units (ECUs). Automotive Offensive Research: Analyze automotive protocols and architectures to identify, develop, and implement end-to-end attack vectors. Red Teaming: Serve as the internal adversary for our vehicle protection products. You will execute attacks to validate detection efficacy and provide the offensive 'ground truth' needed to improve our security logic. Collaborate with Data Scientists: Work closely with our Data Science teams to fine-tune AI-based detection features, helping to translate complex exploit behaviors into actionable data features.

Advantages:
Data Science & AI: Experience working with data teams, understanding of feature engineering, or experience fine-tuning AI models based on security domain expertise. OS Internals: High level of expertise in Linux / QNX / Android internals (both user and kernel space). Product Security: Experience building or testing Intrusion Detection/Prevention Systems (IDS/IPS) or EDR/XDR platforms. Automotive Knowledge: Understanding of automotive-specific protocols (CAN, Automotive Ethernet, UDS, etc.) and the ability to implement functional attacks against them.

We are looking for a highly motivated SOC/NOC Analyst to join our operations and security team. This role is responsible for monitoring, detecting, analyzing, and responding to security and network events across the organizations infrastructure and production environments.
The SOC/NOC Analyst will play a key role in maintaining service availability, identifying threats, investigating incidents, and ensuring timely escalation and resolution of operational and security issues. The ideal candidate is detail-oriented, analytical, and able to work effectively in a fast-paced, 24/7 environment.
Key Responsibilities :
Monitor security and network events using SIEM, monitoring, and alerting platforms.
Investigate alerts, anomalies, and incidents related to infrastructure, systems, applications, and network activity.
Perform first-level triage, validation, categorization, and escalation of security and operational incidents.
Respond to incidents involving suspicious activity, service disruption, connectivity issues, unauthorized access attempts, and infrastructure abnormalities.
Open, track, and update incidents in the ticketing system, ensuring accurate documentation and timely resolution.
Support incident response activities, including containment, evidence gathering, and post-incident analysis.
Monitor network performance, uptime, connectivity, and service health across production environments.
Assist in vulnerability management, log analysis, and security control validation.
Maintain runbooks, knowledge base articles, and operational documentation.
Contribute to process improvement initiatives to enhance monitoring coverage, response quality, and operational resilience.
Additional Notes :
This role requires shift-based work as part of a 24/7 monitoring and response function.