לוח משרות דרושים מומחה אבטחת מידע / סייבר

we are seeking a skilled Project Manager to lead our Management Penetration Testing & Cyber Assessments team. Project Manager specializing in penetration testing and Cyber security assessments Responsibilities:
* Define and manage work plans for the execution of penetration tests and Cyber security assessments.
* Conduct meetings with system owners and stakeholders to gain familiarity with technological environments.
* Define and document the scope of cyber surveys and penetration tests, including application, infrastructure, and secure development (SSDLC) assessments
* Manage negotiations and engagements with external penetration testing and cyber assessment vendors.
* Lead penetration tests and surveys end-to-end, coordinating between external vendors and internal system owners.
* Review draft reports and validate findings.
* Support system owners in remediation activities, including re-testing and verification of findings closure.
* Perform Cyber security surveys related to supply chain security, including assessments of external service providers.
* Prepare presentations summarizing activities, findings, and risk insights.
* Work in a matrix organizational environment, coordinating and driving collaboration with stakeholders within and outside the Cyber Division.
* Interface with a wide range of internal stakeholders and external parties (vendors, integrators, service providers, etc.).
* Mobility required - ability to travel across Ben Gurion Airport campus and Authority sites
* Strong interpersonal skills and the ability to independently lead and drive activities.

Our mission is to constantly disrupt the industry by creating new, groundbreaking technologies to help dealers build stronger, more resilient businesses. Our work happens in the fast lane as we work to bring AI and data-driven solutions to a quickly evolving industry.
Our team at our company is made up of curious and creative individuals who are always looking to achieve the impossible. We are bold, collaborative, and goal driven, and, at our core, we believe every voice has value and can impact our bottom line.
We are looking for an AppSec Engineer to join our team and make a real impact on our Secure Software Development Lifecycle! As an AppSec Engineer your mission will be to be the driving force behind our secure development lifecycle. You wont just find bugs; you will help build the systems that prevent them. You will have the opportunity to help navigate the "Agentic Era" by building autonomous security guardrails, securing LLM-based workflows, and empowering developers to move fast without breaking security.
This is a mid-level role reporting to the AppSec Architect and can be based out of our Tel-Aviv or Jerusalem offices.
What you will be responsible for
Build & automate: Develop and maintain internal security tooling, automated workflows, and AI security agents.
Code integrity: Execute secure code reviews and provide actionable remediation guidance to engineering teams.
Vulnerability management: Lead the tracking, triaging, and reporting of security flaws across all product lines.
Best practice advocacy: Drive the adoption of secure coding standards, partnering with R&D and DevOps teams to embed security early and often.
Extend our D&R capabilities: Build scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents.
Document: Draft requirement documents for security products and innovative technologies.

We are seeking a highly motivated and analytical Information Security Consultant to join our team. As an Information Security Consultant, you will be responsible for performing a variety of IT audit activities for SaaS start-up companies including planning, fieldwork, and reporting. You will have the opportunity to work with a diverse group of clients and industry sectors while developing your technical and professional skills.
Job Description:
Assist with the planning and execution of information security audits
Identify and evaluate information security risks, controls, and business processes
Understand and evaluate the impact of emerging technologies on client operations
Communicate audit findings and recommendations to clients and management
Contribute to the development of audit methodologies, tools, and best practices.

Are you passionate about staying one step ahead of cyber threats? Do you thrive at the intersection of deep technical expertise and strategic leadership?
We're looking for an exceptional Offensive Security & Research Team Leader to drive cutting-edge offensive operations, lead a team of elite security professionals, and shape the future of cyber resilience.
In this role, you'll lead hands-on red team activities, threat research, and vulnerability discovery-pushing the boundaries of what's possible in cyber offense. You will work closely with product, engineering, and executive stakeholders to translate complex attack scenarios into real-world risk mitigation strategies.
This is more than a leadership position-it's an opportunity to build and scale a high-impact team at the forefront of the cybersecurity landscape.
Job Description:
Lead a high-performing offensive security team specializing in red teaming, threat emulation, advanced adversary simulation, and vulnerability research.
Mentor and grow team members, fostering a culture of continuous learning, innovation, and operational excellence.
Promote a culture of innovation, encouraging curiosity and technical excellence within the team.
Translate technical discoveries into operational insights that enhance offensive engagements and deliver clear value to clients
Collaborate cross-functionally with our company's cyber offensive and defensive teams
Develop and maintain internal tools and methodologies that enhance offensive capabilities, automation, and reporting accuracy.
Design and execute tailored offensive engagements, including full-scope red team operations, assumed breach scenarios, and social engineering campaigns.

We are looking for a hands-on Cloud Security Lead to own and continuously improve the security posture of our applications, infrastructure, and cloud environment. This role is both strategic and deeply technical, with full responsibility for embedding security into our engineering culture and software development lifecycle.
You will work closely with R&D, DevOps, and Product teams to design secure systems, proactively identify risks, and protect the company against evolving threats.
This role is critical to protecting our systems, customers, and business as we scale. You will shape how security is built, tested, and operated - ensuring security enables growth rather than slowing it down.
Your Arena - Know your impact 💥
Serve as the primary owner of application, infrastructure, and cloud security.
Continuously assess and improve our security posture through offensive and defensive security practices.
Design, implement, and maintain security controls to protect against modern threats.
Embed security into the secure Software Development Lifecycle (sSDLC).
Lead penetration testing, threat modeling, and incident response efforts.
Build and operate security monitoring, alerting, and automated detection tooling.
Promote a strong security-first culture across R&D and the wider organization.

We are seeking an experienced Security Engineering leader to lead our companys Next security engineering practice. The head of security engineering will lead a team of highly talented security engineers and architects in different cybersecurity domains including (but not limited to): cloud security, application security, data security, identity and access management, security monitoring, detection and response and more.
We are looking for an expert with leadership skills, to be the main focal point across the company for everything related to the above domains and support our companys transformation into leadership in the cybersecurity market.
What youll do:
Lead, mentor and scale multidisciplinary security teams
Engage with cyber security leaders across all business sectors
Assist organizations with securing their public cloud infrastructure, applications and data
Conduct risk assessments for different public cloud environments
Develop cyber security assessments and controls implementation methodologies and best practices
Partner closely with our customers engineering, DevOps, and IT teams
Engage with our companys Next partners such as: Google, AWS, Microsoft and others to provide state of the art solutions to our customers
Serve as a senior advisor to our companys leadership.

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.we ate a cybersecurity firm specializing in advanced adversary simulation and offensive security testing. We deliver Red Team assessments for Fortune 500 companies, simulating sophisticated, real-world attacks across external, internal, cloud and Active Directory environments. Our services span both stealth-based Red Team operations and risk-focused assessments, covering a wide range of attack surfaces including on-premise and cloud environments.
Responsibilities:
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

we are looking for a Cyber Security Researcher II.
The Security Researcher role involves developing detection methods and techniques to identify emerging threats for customers. Collaboration with researchers, data engineers, and product teams is essential to convert threat intelligence into actionable analytics. The position emphasizes hands-on work, research-focused tasks, and teamwork to address real-world security challenges effectively.
In this role you will be:
Designing, building, and validating new detections across large-scale customer and cloud telemetry, transforming threat research into impactful results.
Developing AI-powered techniques to improve detection precision, prioritization, and automated investigative functionalities effectively.
Analyzing various data sources like forensics, Active Directory, network, and cloud to identify threats and anomalies.
Collaborating with data scientists, engineers, and researchers to implement detection methods and enhance accuracy, scalability, and resilience.
Leading key research initiatives and proofs-of-concept, shaping Hunt's detection and analytics platform's strategic direction in hybrid and cloud-native environments.
Translating investigations into clear recommendations while communicating insights and findings effectively to customers.

Job description Appdome is looking for a talented, passionate Offensive Researcher to join our innovative research team. If you’re eager to explore cutting-edge mobile security techniques and help safeguard the mobile app ecosystem, this is the role for you! As a key player in our security team, you'll design and execute sophisticated attack simulations on the Appdome platform. Your work will touch on diverse attack vectors, including file systems, networks, jailbreaks, memory injections, and more.

We are looking for an experienced Security Lead to join our team and play a key role in securing and scaling our production environments. This is a hands-on position with direct impact on system reliability, security posture, and operational excellence across the organization.

Responsibilities:

Own day-to-day security operations in a fast-moving, cloud-native environment

Lead end-to-end incident detection, investigation, and response

Own and operate core security tooling (SIEM, CSPM, CNAPP, SSDLC, EDR)

Work closely with R&D, DevOps, and IT to bake security into development and operations

Build and maintain incident response runbooks and security playbooks

Own security compliance and GRC efforts, including SOC 2

We are backed by top-tier global investors, including Sequoia Capital, Ribbit Capital, and Cyberstarts-firms known for supporting the most innovative and influential companies in technology and cybersecurity.

In this role, you will be responsible for:

Tracking and evaluating crypto-focused cybercriminals, including the tools, techniques, and procedures (TTPs) used by attackers, their motivations, and industry-wide trends.
Producing and presenting intelligence reports on relevant threat groups and campaigns, detailing methodologies and the motivations driving the activities.
Conducting research into both on-chain and off-chain crypto attack vectors, identifying attacker interests, and uncovering root causes behind incidents.
Assisting in the development of prevention strategies and detection mechanisms to mitigate future attacks.
Collecting and managing information from diverse sources such as social media platforms, messaging apps, forums, the dark web, news feeds, and other open and covert channels.
Utilizing advanced tools and investigative techniques, including OSINT and HUMINT methodologies, to generate accurate and relevant intelligence.
Communicating with customers regarding potential risks and threats, as well as working closely with Customer Success, Marketing, and Sales teams.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization. In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.

A day in the life and how youll make an impact:

Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

Lead, mentor, and manage a team of analysts and incident responders, fostering a culture of continuous improvement and collaboration.
Oversee real-time monitoring, analysis, and escalation of security events using SIEM, SOAR, and other security tools.
Develop, implement, and optimize SOC processes, playbooks, and standard operating procedures.
Coordinate incident response activities, ensuring timely investigation, containment, eradication, and recovery from cyber incidents.
Serve as the primary point of contact for major security incidents, coordinating with internal stakeholders and external partners as needed. Ensuring effective communication and coordination among stakeholders throughout the lifecycle of security incidents.
Stay informed on the latest cyber threats, vulnerabilities, and regulatory developments to adapt the organizations security posture proactively.
Prepare and deliver regular reports, metrics, and presentations to executive management regarding Cyber Defense Center's performance and emerging risks.
Support compliance efforts and audits related to cybersecurity frameworks (e.g., SOC2, ISO 27001).
Manage Cyber Defense Center's technology stack, including evaluating and recommending tools and solutions for threat detection and response.
Establish and lead a dedicated purple team to enhance detection, response, and resilience against threats.

We are seeking a highly skilled and experienced Security Operations Center (SOC) & Incident Response (IR) Specialist to join our security team. This role requires a deep understanding of cybersecurity threats, incident response, forensic, and advanced threat hunting techniques. The ideal candidate will possess a strong technical background, excellent problem-solving skills, and a passion for protecting our organization's critical assets.

Responsibilities:
Lead complex incident response efforts and perform deep investigations across logs, network traffic, and other data sources.
Develop and implement effective incident response plans and playbooks.
Threat Hunting: Proactively identify and investigate advanced threats and vulnerabilities.
Develop and implement threat hunting strategies to stay ahead of emerging threats.
Oversee SOC operations by monitoring, analyzing, and responding to security events while ensuring effective use of security tools and continuously improving operational processes.
Ensure effective utilization of security tools and technologies.
Work at a high technical level and be capable of identifying threats, and threat vectors that cause security events.
Design, develop, and maintain security automations and SOAR workflows to streamline SOC operations, reduce manual effort, and significantly accelerate incident detection, investigation, and response.
Initiate and lead continuous improvement initiatives aimed at optimizing operational workflows, enhancing detection and response capabilities, and expanding overall security coverage across the environment.
Research emerging threats and develop new detection use cases to enhance threat identification and prevention capabilities