לוח משרות דרושים מומחה אבטחת מידע / סייבר בתל אביב יפו

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as grows.
Responsibilities:
Own and mature Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

We are looking for an Information Security Coordinator to join the team responsible for ensuring the organizations compliance with the most stringent information security and privacy standards.



Responsibilities:

Manage and maintain security and privacy standards (ISO 27001, ISO 27701, ISO 22301, SOC2).
Lead risk assessments, gap analysis, and audit preparation.
Coordinate penetration tests and periodic security reviews.
Manage audit findings and respond to customer security questionnaires.
Own the Security Awareness program.
Monitor compliance with relevant regulations and work with external vendors.
Support Business Continuity (BCP/DRP) activities.

A Software company, developing a Cloud Security Platform, is looking for a Senior Cloud Security Software Engineer to join her team.

In this role, youll design and build backend components and security features for a scalable cloud security platform, working closely with product, frontend, and infrastructure teams.



What youll do:

Research and adopt new technologies.
Design and implement cloud security features.
Build MVPs for new product capabilities.
Write clean, efficient Go code.
Design data models and database schemas.
Write unit, component, and integration tests.
Debug and troubleshoot production issues.
Participate in code reviews and contribute to team standards.
Collaborate with frontend and platform teams on end-to-end integrations.
Assist with documentation and occasionally represent the product through blogs or talks.

We are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science. We are a cybersecurity firm specializing in advanced adversary simulation and offensive security testing. We deliver Red Team assessments for Fortune 500 companies, simulating sophisticated, real-world attacks across external, internal, cloud and Active Directory environments. Our services span both stealth-based Red Team operations and risk-focused assessments, covering a wide range of attack surfaces including on-premise and cloud environments.

Responsibilities:
Participate in Red Team and Risk assessments under the guidance of senior team members.
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients.
Learn and simulate attacker tactics, techniques, and procedures (TTPs).
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance.
Participate in our internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios.

We are looking for a highly skilled Senior Product Manager to join our Product team and lead the Exposure Assessment domain of the platform.

As the Product Manager leading the Exposure Assessment domain, you will work closely with a highly skilled team of engineers, data stakeholders, and security researchers. Together, you will ensure customers can continuously understand, manage, and reduce exposure across their external attack surface.

This role is ideal for experienced Product Managers with experience working on cybersecurity products, who love to collaborate and communicate with external and internal stakeholders, deeply understand the problems they are solving, and make decisions using customer insights and data.

Responsibilities
Own the Exposure Analysis domain end-to-end, including strategy, roadmap, product flows, and execution.
Lead product discovery and problem definition, using methods such as user interviews, stakeholder interviews, competitive research, workflow mapping, and iterative validation.
Define domain success metrics (KPIs), track progress, and make data-informed decisions to drive measurable outcomes.
Work closely with Engineering, Design, Data, and Security Research to define initiatives, prioritize deliverables, and solve day-to-day product challenges.
Build and maintain strong relationships with customers to understand their security programs and workflows, identify pain points and opportunities, validate direction, and support successful adoption of new capabilities.
Translate product direction into clear, actionable requirements, and communicate them effectively to Engineering, Research, Design, and other stakeholders to enable high-quality execution.
Partner with Sales, Marketing, and Customer Success to align on priorities, support key opportunities, communicate upcoming deliveries, and drive go-to-market activities including enablement and launches.

As a Security Researcher, you will play a crucial role in researching, building, and enhancing our cutting-edge technology to address the evolving cybersecurity challenges faced by the world's largest enterprises.

Responsibilities
Research, develop, and implement new offensive security capabilities that push the boundaries of the EASM category, including exploit development and PoC creation across web applications, AI/LLM assets, network infrastructure, cloud environments, and supply chain dependencies.
Drive innovation by conceptualizing, implementing, and adopting AI-driven initiatives and offensive security expertise to enhance IONIX's detection, validation, and automation capabilities at scale.
Conduct in-depth research to continuously expand platform coverage.
Develop exploitability tests to uncover critical, real-world findings across enterprise attack surfaces - directly demonstrating the power of the IONIX platform.
Collaborate with global enterprises as design partners to understand their security needs and design solutions accordingly.
Take ownership of key research projects, addressing security and scalability challenges from concept through to delivery.

We are seeking a highly disciplined, technically elite Digital Assets Custody Operator to serve as the guardian of multi-asset portfolio.
This is not a typical operations role. You will operate at the very heart of our security architecture, blending precise technical execution with a high-level security mindset. You will be responsible for executing complex cryptographic procedures in secure environments while simultaneously designing the future of our security architecture.
If you are passionate about the deepest intricacies of institutional custody, comfortable with Linux command lines and AI, and ready to proactively defend against emerging threats, we want you.

Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet human.
What you'll do:
Play a lot with the web-browsers, trying to find differences in behavior between them.
Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection
Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.
Understand customer specific requirements, deliver with impact and exceed customer expectations.
Discover adversary tactics, techniques, and procedures leveraged by bots.
Create and validate data insights to enhance detection excellence.
Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.
Find bad stuff on the internet, see if you can figure out how it is done, document it.
Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.
Contribute high impact work that substantially benefits team level metrics and OKRs.
Develop techniques, tools and scripts to simplify yours and others work.

In this role, you'll be a trusted point of contact for physical site security, ensuring daily operations run smoothly and securely. You'll execute established security plans, respond to incidents, and coordinate with onsite vendor guarding teams to ensure standards are met. You'll work collaboratively with business groups and local leaders to support their physical security needs.

Additional responsibilities include but are not limited to:
- Execute and maintain site-specific security procedures and operational plans
- Manage the onsite vendor guarding deployment on a day-to-day basis, ensuring alignment with Apple's standards and requirements
- Serve as the physical security point of contact for business groups across the Herzliya campus
- Respond to and coordinate security incidents, escalating appropriately
- Support the planning and execution of secure events and assignments on site
- Maintain strong working relationships with other supporting functions, EHS, andPlaces teams
- Manage field security requests for short-term and non-recurring assignments
- Support project activities, including attending meetings and communicating updates.

We are seeking a highly skilled and experienced Attack Team Leader to lead a specialized attack team focused on developing offensive, production-ready attack capabilities. This is a research and development (R&D) role at the core of our offensive security efforts. You will be responsible for architecting and delivering advanced low-level attack components used in evasion techniques, red team tooling, and adversary simulations.
You will be hands-on in both leadership and development, guiding technical direction, mentoring engineers, and contributing code to offensive attack components.
The Impact You Will Have
Lead the design, development, and deployment of production-grade offensive capabilities targeting application and OS CVEs exploits
Develop attack components for Windows/Linux including OS-level evasion mechanisms
Implement Python bindings to connect native low-level components with Python-based research tools and automation
Research and develop bypass techniques for modern security controls
Collaborate with the Research Team and other R&D stakeholders to implement and refine offensive concepts
Provide technical mentorship and drive engineering best practices within the team
Harness AI coding agents to streamline the above processes

We are seeking a Cyber Research Architect to join our cutting-edge Research Group. This is a full-time hybrid role where you will play a key part in shaping how our products evolve from a cyber perspective, operating as an innovation hub within the company.

You will have the freedom to explore new domains, identify gaps in our products, and pioneer techniques that will directly shape our product architecture and capabilities. From researching emerging technologies to discovering vulnerabilities and developing advanced attacks, you will push the boundaries of whats possible in automated offensive security.

Roles and Responsibilities:

Lead offensive research and vulnerability discovery across diverse and emerging technologies, identifying novel attack surfaces and spearheading new research domains.
Pioneer research into AI/ML systems and LLM-based applications, uncovering adversarial tactics and developing unique attack vectors.
Directly shape product architecture by converting research insights into scalable, high-fidelity offensive capabilities and sophisticated attack modules.
Architect and build advanced tools and frameworks that automate and scale security research operations across the organization.
Identify and emulate the most sophisticated real-world cyber attacks to continuously evolve the company's automated security validation engine.

We are looking for a versatile and innovative Attack-oriented Cyber Researcher to join our R&D team and become part of the revolution. You will conduct state-of-the-art research across multiple environments, ranging from Windows internals and kernel-level security to cloud platforms like AWS, Azure, Web technologies, etc' to stay one step ahead of real threat actors.

Your findings, your code and attack tools will feed directly into our automated attack platform, enhancing its capabilities with new offensive techniques and AI-powered decision-making algorithms.



Roles and Responsibilities:

Perform in-depth research in multiple areas such from AV/EDR evasion, binary exploitation, vulnerability discovery, and subversion of communication channels across both OS-level, domains, cloud-native domains, external surfaces.
Integrate research outputs into production-grade attack functionalities within our automation ecosystem.
Architect and develop AI-driven decision-making modules that enable the platform to mimic experienced attackers, making real-time choices during automated operations.
Develop production-ready attack capabilities using whatever technologies are necessary, Python, C/C++, C#, Java, Office Macros, Bash, PowerShell, Go, Ruby, Assembly, etc.
Mentor and collaborate with fellow R&D team members, fostering a culture of innovation and continuous learning.

We are looking for an Operational Security Specialist Intern to join our expanding Data Centre team.
As a Data Centre Operational Security Specialist Intern, you will be tasked with driving operational security excellence within our Data Centres. You will write reports, create presentations and communicate with management on the status of physical security operations.
Are you ready to embrace the challenge? Come build the future with us.
Key job responsibilities:
Interface and direct vendors involved in new security construction, repairs, daily security operations and patrols, and planning.
Extract metrics and observe improvements by looking at hard data.
Make suggestions on improving electronic surveillance and access controls.
Direct efforts to educate data center occupants on false alarm reductions.

We are looking for a Threat Intelligence Researcher who can analyze cyber threats and turn technical data into clear, useful insights. You will work closely with a team and clients, create reports, and build simple tools or scripts (mainly in Python) to improve how data is collected and analyzed.
This role requires strong problem-solving skills, good communication, teamwork, and taking responsibility for delivering results.
We are seeking an analytical and experienced Threat Intelligence Researcher to join our team. This is a technical role that necessitates bridging the gap between traditional intelligence analysis and software engineering principles.
You will be responsible for producing strategic and technical intelligence reports and developing automation and scripting solutions for the team.
Specifically, your focus will be on:
Intelligence Reporting: Conduct in-depth investigations and produce comprehensive reports based on customer requests.
Client Engagement: Participate in customer-facing meetings as required to present findings or gather requirements.
Tool Development: Design, implement, and maintain internal tools, scripts, and data scrapers (primarily utilizing Python) to streamline data collection and analysis.
Actionable Intelligence Production: Convert raw technical data into finished, actionable intelligence products, including detailed technical reports, the creation of YARA/Sigma rules, and executive-level briefings.