לוח משרות דרושים הייטק אבטחת מידע / סייבר בשרון

PlaxidityX is looking for a brilliant Security Researcher to join our elite team. In this role, you will combine offensive research with product innovation. You will conduct in-depth research and penetration testing on Automotive ECUs , uncovering vulnerabilities at both the hardware and software levels. Additionally, you will act as the 'Red Team' for our vehicle protection systems , simulating sophisticated attacks to ensure our detection capabilities stay ahead of global threats.
?What You’ll Do: ECU & Low-Level Research: Conduct deep-dive security research into Automotive Electronic Control Units (ECUs). Automotive Offensive Research: Analyze automotive protocols and architectures to identify, develop, and implement end-to-end attack vectors. Red Teaming: Serve as the internal adversary for our vehicle protection products. You will execute attacks to validate detection efficacy and provide the offensive 'ground truth' needed to improve our security logic. Collaborate with Data Scientists: Work closely with our Data Science teams to fine-tune AI-based detection features, helping to translate complex exploit behaviors into actionable data features.

Advantages:
Data Science & AI: Experience working with data teams, understanding of feature engineering, or experience fine-tuning AI models based on security domain expertise. OS Internals: High level of expertise in Linux / QNX / Android internals (both user and kernel space). Product Security: Experience building or testing Intrusion Detection/Prevention Systems (IDS/IPS) or EDR/XDR platforms. Automotive Knowledge: Understanding of automotive-specific protocols (CAN, Automotive Ethernet, UDS, etc.) and the ability to implement functional attacks against them.

we are looking for an experienced, hands-on Chief Information Security Officer to build and lead our security strategy from the ground up. As a fast-growing mature privately held startup, we need a security leader who can balance strategic vision with roll-up-your-sleeves execution. This role is ideal for someone who thrives in dynamic environments and excels at owning and driving Information Security end to end. The CISO will report to the companys COO.
Key Responsibilities 
Oversee our companys end-to-end information security program, ensuring the protection of data, systems, applications, and employees.
Build, lead, and scale a high-performing security team of 5+ professionals.
Develop and implement a comprehensive security strategy aligned with business goals, industry best practices, and regulatory requirements.
Define and monitor company wide security policies, standards, governance frameworks, and technical controls (e.g., firewalls, IDS/IPS, endpoint security).
Lead Governance, Risk, and Compliance (GRC), including risk assessments, vulnerability management, incident response, and maintenance of the organizational risk register.
Drive proactive security monitoring and threat management, including insider threats, phishing, social engineering, credential theft, and emerging risks.
Conduct regular security assessments and partner with business units to identify, prioritize, and remediate vulnerabilities.
Ensure readiness for internal and external audits; manage the audit process with agencies, auditors, customers, and stakeholders.
Select, implement, and manage security technologies, tools, vendors, and processes supporting the organizations security objectives.
Closely collaborate with the IT team, who will be responsible for executing the security policies.
Collaborate with DevOps and engineering teams to strengthen security posture and embed secure-SDLC practices.
Provide executive-level communication and reporting to leadership and the board regarding cybersecurity risks, investments, and priorities.
Develop and deliver organization-wide security awareness and training programs.
Manage the security budget and resources efficiently.

This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.

As part of System Architecture group, the Cybersecurity System Architect will define the end-to-end architecture of advanced network security services, such as intrusion prevention systems (IPS), and host-based intrusion detection systems (HIDS) and firewalling. This role is at the forefront of integrating deep security intelligence into high-performance, scalable network operating systems and telecom-grade platforms.
As part of R&D core function, shaping next-generation secure network infrastructure by embedding deep packet inspection, behavioral analytics, and threat mitigation into the product architecture.
Responsibilities
1. Architecture of Integrated Security Services
Define and lead the system architecture for L3-L7 firewalling, stateful inspection, policy enforcement, and application-aware filtering.
Architect integration of IPS, DPI, signature- and anomaly-based detection, and evasion-resilient detection engines into control and data plane systems.
Specify how HIDS capabilities will be embedded or interfaced with NOS components for detecting host-based anomalies and compromise indicators.
2. Threat Detection & Prevention Frameworks
Design scalable architectures that support high-speed signature matching, traffic heuristics, and flow analysis under real-world traffic conditions.
Define mechanisms for rule updates, threat intelligence feeds, and integration of ML-based detection algorithms.
Architect policy engines for complex rule matching, including user-defined policy trees and hierarchical control structures.
3. Secure System Integration
Lead system-level threat modeling and security design reviews across platform, OS, and networking protocol layers.
Define secure communication paths, trust boundaries, and cryptographic protections for sensitive metadata, logs, and update mechanisms.
Ensure proper isolation and sandboxing of inspection/control modules, especially in multi-tenant or containerized environments.
4. Performance and Resilience Considerations
Design architectures to meet line-rate security enforcement, ensuring minimal latency overhead while preserving packet integrity.
Align with the HW Architecture for performance optimized flow offload strategies (e.g. hardware-assisted DPI).

We are looking for an experienced malware researcher to join the team. As a Malware Researcher , you will perform research on source code, compiled code, and various software supply chain attacks. The position requires proven experience in security nomenclature and an understanding of both high-level and low-level attacks.
As a Malware Researcher you will...
Research malicious code in public repositories from various coding languages and technologies
Define and implement ways to automatically detect malicious code in open source software
Write technical reports and outward-facing publications regarding all research subjects mentioned above

We're looking for a Senior Governance, Risk, and Compliance (GRC) Specialist to join our global GRC team. In this critical role, you will help secure the platform that powers the software supply chain for thousands of the world's top organizations.
Reporting to the GRC Manager, you will work alongside a talented team to enhance our security posture, establish GRC best practices, and embed security governance into our fast-paced, DevOps-driven culture. You will be a key advisor, helping to translate complex risks and compliance requirements into actionable controls that support missin.
As a Senior GRC specialist you will...
Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets.
Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2).
Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings.
Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment.
Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with risk appetite.
Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated.
Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members.

we are looking for a SecOps Team Lead.
As the Team Lead of Cloud SecOps & IR, you will be the captain of the front-line defense. You won't just respond to threats; you will build the team and the infrastructure that detects them before they happen. You will lead a group of high-performing engineers to mature our Incident Response program, automate security operations, and partner with R&D and DevOps to ensure our "liquid software" remains secure.
As a Team Lead, Cloud SecOps & IR , you will...
Lead & Mentor: Manage a team of SecOps engineers, providing technical guidance, career development, and performance management
Strategy & Roadmap: Define the vision for security engineering operations, aligning team goals with company-wide KPIs
Incident Command: Act as the primary escalation point for high-priority security incidents, leading the triage, containment, and post-mortem processes
Architect Operations: Oversee the design and execution of vulnerability management, SaaS security posture (CASB), and asset management at scale
Drive Automation: Champion "Security as Code" by leading the development of internal tools (Python/Go) to automate monitoring and remediation
Cross-Functional Partnership: Collaborate with SRE, DevOps, and Product teams to drive holistic fixes for systemic architectural vulnerabilities
Evangelize Security: Build a culture of security across the organization through training, documentation, and proactive risk management

we are looking for a Offensive Security Team Lead.
As an Offensive Security Team Lead, you will spearhead offensive security operations and lead advanced threat research initiatives, playing a pivotal role in safeguarding our organization and customers from evolving cyber threats. You will develop and execute Red Team exercises, simulate real-world attacks, and identify security weaknesses in systems and applications. We seek a highly skilled, proactive tech leader who thrives in challenging environments and is passionate about advancing security research and offensive strategies.
As an Offensive Security Team Lead , you will
Lead, plan, design, and execute Red Team operations, threat modeling, and adversarial simulations against infrastructure and cloud environments
Drive threat research and intelligence initiatives to stay ahead of emerging cyber threats, attack techniques, and vulnerabilities
Develop and execute advanced attack scenarios to assess security defenses and provide actionable recommendations for improving security posture
Collaborate closely with security engineering, DevOps, and software development teams to implement findings and enhance our defenses
Lead the development of tooling, frameworks, and methodologies to automate and optimize Red Team exercises
Mentor and guide a team of security professionals, fostering a culture of innovation, collaboration, and continuous learning
Participate in incident responses when Red Team exercises reveal vulnerabilities, providing expertise on attack techniques, forensics, and post-attack mitigation
Continuously assess and improve security processes, playbooks, and threat detection mechanisms

we are looking for a Developer Advocate.
This role sits at the intersection of engineering, product, and the global developer community. Youll translate technical work across all domains, repositories, security, release management, pipelines, distribution, metadata, AI/ML, and ecosystem integrations, into content, demos, talks, and conversations that developers trust. Youll also bring community insights back into R&D and business teams to influence product direction.
As a Developer Advocate you will:
Represent across developer, DevOps, security, and platform-engineering communities through conferences, meetups, webinars, podcasts, and online conversations
Create high-quality technical content: deep-dive articles, demos, hands-on guides, screencasts, code samples, and social content
Build compelling demos and storytelling around core domains: Artifactory, Xray, Curation, Distribution, Pipelines, Workers, Fly, AI/MCP, and ecosystem integrations like GitHub
Collaborate closely with R&D, Product, Security, Solutions Engineering, Architecture, and Customer Success to deeply understand new capabilities and provide practical feedback
Engage with open source and developer communities, finding new channels and conversations where should have a voice
Partner with Marketing to strengthen messaging while preserving technical credibility
Monitor and report impact across community engagement, content performance, OSS participation, and broader DevRel KPIs

We are looking for a Security Researcher to lead our research team. As a research team lead, you will perform security research on open-source projects in both web and low-level technologies, define how to identify exploitable security issues in an automated manner and develop code for that purpose, publish your findings on new vulnerabilities, and manage a team of highly-trained researchers.
As a Security Research Team Lead you will...
Research CVEs and one-day vulnerabilities from various coding languages and technologies, including PoC development
Define how to find exploitable vulnerabilities automatically & develop code that identifies the instances where a vulnerability is exploitable
Perform security research on various open-source technologies, frameworks, and libraries
Publish your findings about the research subjects mentioned above

. We are looking for a Security Researcher to join the team. As a researcher, you will perform security research on open-source projects in both web and low-level technologies. You will define how to identify exploitable security issues in an automated manner and develop code for that purpose.
As a Security Researcher you will...
Research CVEs and 1-day vulnerabilities in various programming languages and ecosystems
Define how to automatically find exploitable vulnerabilities & develop code that identifies the instances where a vulnerability is exploitable
Perform security research on various open-source technologies, frameworks, and libraries
Write technical reports regarding all research subjects mentioned above

The CSO Office is seeking an Application Security Team Lead. In this role, you will manage an application security team that focuses on building and running tools to secure the application landscape at scale, as well as conducting vulnerability research. You will work closely with the R&D and DevOps teams and serve as the focal point for identifying and resolving complex security challenges.
This is a hands-on Team Lead position, a development-focused role that ensures products adhere to the stringent security requirements of our thousands of customers.
As an Application Security Team Lead you will
Build, lead, and mentor a team of AppSec Engineers
Lead the development of Internal Security tools and AI agents
Design and implement SSDLC practices and automated security controls across the CI/CD pipeline
Build and operate scalable vulnerability management frameworks across cloud-native services and SaaS products
Integrate security into Agile and DevOps processes, including threat modeling, SAST, DAST, and SCA
Partner with development and DevOps teams to embed security early and often
Contribute to secure code reviews and assist with remediation strategies
Track, triage, and report vulnerabilities across product lines
Provide technical leadership and drive adoption of secure development best practices
Define and measure AppSec KPIs and drive continuous improvement

we are seeking a Junior Cybersecurity Architect (GRC & Risk) to support governance, risk analysis, and security process design. The role focuses on translating security findings into structured mitigation plans and improving methodologies and frameworks-without hands‑on technical configuration.You will work with CISOs, security leaders, engineering teams, and customers on due diligence, maturity assessments, and development of security processes and documentation.

Responsibilities
Conduct customer and third‑party security assessments and questionnaires.
Lead or support mitigation workshops and build actionable remediation plans.
Develop and refine methodologies, processes, and architectural guidelines.
Map technical findings to governance, risk, and control gaps.
Perform NIST CSF 2.0-aligned maturity assessments.
Produce clear reports and executive summaries.
Maintain internal documentation and ensure framework alignment.

This position is intended for a candidate with a background in security engineering who is looking to transition into a cybersecurity architecture role. The role focuses on reviewing cloud and SaaS environments, assessing the effectiveness of security controls, and supporting security maturity assessments and mitigation planning activities.This is a junior‑level architecture role with an emphasis on technical analysis, control review, and security design assessment. The position prioritizes architectural evaluation and advisory activities over hands‑on implementation.

Responsibilities
Perform security maturity assessments, including reviews of technical controls, configurations, and architectural designs, aligned with the NIST CSF 2.0 cybersecurity framework.
Conduct technical configuration and control reviews of cloud environments and SaaS platforms (read‑only / observer role).
Analyze security architectures and technical implementations to identify gaps, risks, and improvement opportunities.
Translate technical findings into clear architectural observations and recommendations.
Produce structured assessment reports and technical findings for both technical and non‑technical audiences.
Maintain internal technical documentation and contribute to architectural knowledge within the team.
Collaborate with R&D and product teams on ad‑hoc cases as a cybersecurity technical subject‑matter contributor.