לוח משרות דרושים הייטק אבטחת מידע / סייבר משרה מלאה

At our company, we move fast. Were an ultra-collaborative company with brilliant people who care deeply about the details. Together, were solving interesting and complex puzzles to keep the worlds data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Responsibilities
Research for new security issues/vulnerabilities in Cloud Environments & SaaS Applications
Write proof-of-concept, threat detections, and analytical algorithms
Analyze logs and behavior of user activities on Cloud Environments & SaaS Applications
Hunt threat actors & insider threats
Collaboration with R&D groups within the company to implement your latest research
Evaluate and recommend steps to harden customer's Cloud Environments & SaaS Applications
Optimizing existing algorithms to reduce false positives and increase the value of our products
Writing cyber security oriented blogs and publications
Follow and Evaluate new security threats, attack vectors, and technologies

Join our research and development team as a Digital Forensics and Incident Response Researcher within the company's MDDR Research team. In this role, you will play a crucial part in cyber defense, specifically focusing on conducting research on big data and Investigation algorithms. Your primary responsibilities will revolve around research and development of forensic investigations on big data, demanding a high level of proficiency in coding, particularly in Python.
As a key contributor, you will closely collaborate with our global DFIR, and engineering teams, actively participating in product development and reinforcing our global team operations. This role requires substantial experience in digital forensics and incident response, making your expertise essential in delivering advanced research capabilities.
If you are passionate about cybersecurity and have an extensive background in DFIR and development experience, this is the perfect opportunity for you to make an impact and advance your career. Join us on the front lines of cyber defense and help protect our customers from the ever-evolving threat landscape.
Responsibilities
Conduct research on big data and develop complex Investigation algorithms.
Collaborate closely with our engineering teams to enhance functionality of our security platform to better support your research.
Evaluate the success and accuracy of your research, identifying areas for improvement in the process.
Study and analyze threats discovered by our global DFIR team, contributing to a comprehensive understanding of emerging cyber threats.

We are looking for a Director of Product Security to join our R&D organization and take full ownership of our company's product security initiatives. In this key leadership role, you will spearhead the development and implementation of our comprehensive security strategy, encompassing both SaaS and on-premises solutions.
Responsibilities:
Develop and lead the strategic vision to manage both internal and external risks associated with our company's products and solutions.
Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
Drive secure development lifecycle and integration of security features into all phases of software design and development, including advising on proper software architecture security standards.
Vulnerabilities management - Identify and facilitate remediation of application and cloud platform exposures and vulnerabilities, including implementation of relevant systems and tools for these purposes.
Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
Research new application security tools and technologies as requested and evaluate options that enhance security capabilities.
Lead compliance gap analysis and implementation (such as SOC2, SOC3, FedRAMP)
Work closely with R&D groups - Dev teams, Platform, DevSecOps and DevOps teams, to enhance application and platform security on all layers, including monitoring and enforcement.
Conduct periodic pen testing against our Saas Platform components.

We are seeking a R&D Group Leader to join our expanding team dedicated to developing cutting-edge cybersecurity products from the ground up.
If you possess exceptional technical and leadership skills and have a passion for creating new applications or enhancing existing ones, we would love to meet you.
Responsibilities
Build a high performing, multidisciplinary engineering team (BE, Endpoint, Automation)
Partner with PM to deliver a new and exciting roadmap
Oversee the entire software development lifecycle, from initial concept to production deployment.
Drive innovation and continuous improvement within the group, fostering a culture of excellence and accountability.
Ensure adherence to best practices in software development, including code reviews, testing, and documentation.
Mentor and develop group members, providing guidance and support to help them achieve their professional goals.
Manage project timelines, resources, and budgets to ensure timely delivery of projects.
Communicate effectively with stakeholders, providing regular updates on project status and addressing any issues or concerns.

We are in search of a skilled and motivated Security Researcher to join our team.
As a Security Researcher, your primary focus will be on creating and researching anomaly and behavioral based threat models, dissecting attack techniques, and leading proactive threat-hunting endeavors across a spectrum of domains, including cloud infrastructures (with a specialized emphasis on Office 365 and Azure), network security, proxies, firewalls, DNS, Active Directory, Azure Active Directory, and SharePoint, and product security.
Your role will require a profound comprehension of security concepts and a forward-thinking approach to identifying and writing detections for potential risks.

Position Overview:
our MDR team is at the forefront of worldwide data detection and response services. We lead and redefine how data should be monitored, and protected and how data breach incidents should be handled. Its a 24/7 global security service assisting customers to investigate and respond to security incidents.
We are seeking an experienced MDR Team Lead who will oversee a team of MDR Security Analysts. This oversight includes training and developing the knowledge and skills needed to execute the MDR mission, ensuring adherence to all operating policies and procedures, ensuring the delivery of the MDR service within all SLAs, and serving as a point of technical and operational escalation for MDR analysts. Data is the #1 target of attackers, and our company's Managed Data Detection and Response (MDDR) customers entrust our team with the security of their data. MDR Team Leads are the lynchpin of MDR operations, ensuring the team is working 24x7 to monitor, triage, investigate, and escalate incidents where data is at risk and to ensure we meet operational SLAs.
Responsibilities:
Technical and operational escalation point for investigations, incidents, and other elements of the MDR service.
Assist in the development, documentation, analysis, testing, and modification of our companys threat detection systems, playbooks, runbooks, and MDR team operations.
Continuously train the team so they are equipped with the required skills and knowledge to effectively execute the MDR service.
Validate findings and coordinate investigative efforts with customers and internal teams.
Ensure all investigative findings are documented and communicated appropriately by the team, including tracking in CRM.
Maintain up-to-date knowledge of all aspects of our companys MDR service.
Oversee and execute programs, projects, operational tasks, and responsibilities related to the MDR service.
Conduct regular performance reviews and quarterly SWOT analyses to drive team growth and development.

Position Overview:
our MDR team is at the forefront of worldwide data detection and response services. We lead and redefine how data should be monitored, and protected and how data breach incidents should be handled. Its a 24/7 global security service assisting customers to investigate and respond to security incidents.
A Senior (Level 3) Security Analyst within our MDR team is expected to serve as their teams technical lead and a key escalation point for complex security incidents.
In your role, you will lead complex investigations, working directly with customers by assisting them in investigating and responding to security incidents.
As a senior staff in your team, you are expected to mentor junior analysts, and drive continuous improvement of our detection and response capabilities. You will collaborate with internal and external stakeholders, and ensure best practices are followed across monitoring, detection, and incident response processes. This position requires a strong foundation in cybersecurity operations, a deep understanding of SIEM technologies and log sources, as well as the ability to train and document processes for others.
Responsibilities:
Incident Escalations & Investigations
Serve as an escalation point for security alerts and incidents, ensuring timely and thorough investigations.
Perform end-to-end incident handling, including scoping, containment, and eradication activities.
Coordinate and communicate with customers, leadership, and other stakeholders throughout the incident response lifecycle.
Understand, interpret, and analyze a diverse range of log sources (Exchange Online, Entra, Active Directory, Windows events, Azure, DNS, VPN, etc.).
Proactively identify potential threats and anomalies, recommending and implementing improvements in detection logic.
Training & Mentorship:
Assist in training and upskilling junior and mid-level analysts, including sharing best practices in investigations, threat hunting, and emerging threats.
Provide guidance in troubleshooting escalated issues, ensuring efficient knowledge transfer and professional growth within the team.
Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
Provide feedback on gaps or improvements needed in processes, documentation, or technology.
Work closely with Team Leads and other senior staff to align on operational goals, SLA adherence, and service delivery standards.
Communicate findings, root causes, and recommended actions to both technical and non-technical stakeholders clearly and effectively.
Share insights and best practices with the broader team, championing a culture of continuous learning.

Were looking for a Cybersecurity Threat Detection & Response Engineer to lead and grow this critical function as part of our expanding security team. This role will focus on evolving Ponteras detection engineering, incident response, and security automation capabilities to support our growing organization and evolving threat landscape.

Youll join a mature and collaborative environment where foundational work has already been laid, and you'll have the opportunity to advance how we detect, investigate, and respond to threats - with the support of strong cross-functional partnerships and best-in-class tools.

RESPONSIBILITIES

Detection Engineering
Develop, tune, and maintain detection rules, correlation logic, and alerting workflows within our SIEM.
Integrate high-quality telemetry from cloud environments, infrastructure, SaaS applications, and internal systems.
Collaborate with Engineering and DevOps to improve visibility, signal-to-noise ratio, and logging coverage.
Automation & Enrichment
Design and implement enrichment and response automation (e.g., SOAR platforms, serverless functions).
Explore and integrate LLM-based agents or AI-enhanced triage/classification tools where practical.
Continuously improve response playbooks, integrations, and automation pipelines.
Incident Response Leadership
Serve as the operational lead for security incident response, from triage through resolution and post-incident review.
Maintain and evolve IR runbooks; lead tabletop exercises to strengthen organizational readiness.
Coordinate investigations across Security, Engineering, GRC, IT, and Legal as needed.
Metrics & Reporting
Own and continuously improve dashboards and reporting that track key detection and response KPIs (e.g., MTTR, detection coverage, false positive rates).
Deliver data-driven insights to security and engineering leadership to inform strategy and operational improvements.
Case Management
Take responsibility for the case management lifecycle across detection, triage, and incident handling.
Ensure the incident handling process is tightly integrated with automation, documentation standards, and relevant security tooling.
Evaluate opportunities to enhance case tracking infrastructure in alignment with program growth and maturity.
Collaboration & Growth
Partner cross-functionally with teams in Engineering, DevOps, IT, Privacy, and GRC.
Support ongoing vendor relationships and bring a continuous improvement mindset to tooling and processes.

If you're eager to launch or accelerate your cybersecurity career in a high-growth tech company, this is your opportunity to learn, contribute, and grow alongside some of the best in the industry.



JOB RESPONSIBILITIES
Monitor and analyze security alerts and logs using advanced monitoring and detection systems.
Triage and respond to Tier-1 security incidentsinvestigating root causes, mitigating risks, and documenting findings thoroughly.
Assist in strengthening AWS cloud security configurations with a focus on the principle of least privilege.
Support the deployment, maintenance, and fine-tuning of security tools and processes.
Collaborate with cross-functional teams to proactively identify threats and enhance overall security posture.
Be part of an on-call rotation, including weekends and holidays, to ensure continuous protection.

We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.

The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.


RESPONSIBILITIES

Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support security and privacy obligations.
Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
Manage customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.

We are seeking an experienced Application Security Architect to join our Cyber Team. As an Application Security Architect, you will be responsible for overall Application Security standards, guidelines, and requirements for different groups in our vompany. Your expertise in secure architecture, design, and SSDLC will play a crucial role in ensuring the security of our products and the protection of our sensitive financial data. This is a strategic position that offers an opportunity to shape and drive the security initiatives of our cutting-edge fintech solutions.

What youll do:
Review and approve secure architecture designs for all developments for our customers, partners, integrators or in-house solutions, considering best practices, regulatory requirements and business objectives.
Assist in creating or researching for security solutions solving security challenges, both on-prem and in the cloud.
Collaborate with cross-functional teams (mainly R&D and DevOps/DevSecOps) to define security requirements and design robust security controls for systems, both on-prem and in the cloud.
Provide technical guidance and expertise to internal teams in selecting and integrating in-house solutions or third-party vendors.
Design and implement cloud security solutions, such as network security, identity and access management, data protection and encryption.
Stay up-to-date with the latest security technologies, threats, and trends, and provide recommendations for continuous improvement.
Serve as a subject matter expert on application security, providing guidance and mentorship to other teams in the company.

Be the guardian of trust in a fast-moving fintech world. As a GRC Security Specialist, youll lead cybersecurity governance, drive compliance with global standards (SOC 2, PCI-DSS, NIST), and partner with tech and legal teams to embed security into every layer of the business. If you live and breathe risk, regulation, and resiliencethis is your arena.

Hybrid.
Full-time.

What youll do:
Developing and maintaining policies, procedures, and controls to ensure compliance with regulatory, legal, and audit requirements, as well as best business practices.
Creating a cybersecurity compliance strategy and ensuring alignment with contractual obligations and globally recognized standards and guidelines.
Identifying regulatory, legislative, and industry-specific compliance requirements and defining controls to meet them.
Conducting and participating in periodic internal reviews or audits to ensure compliance procedures are followed.
Overseeing and evaluating compliance systems to ensure their effectiveness.
Compiling and presenting reports to management on compliance activities and progress.
Staying up to date on industry developments, regulatory trends, and best practices to assess their impact on the organization.
Designing and implementing improvements in compliance communication, monitoring, and enforcement mechanisms.
Developing and executing a compliance awareness program, including the creation and distribution of materials for all employees.
Partnering with Legal and IT teams to manage data protection agreements and compliance initiatives.
Leading the development and execution of company-wide security awareness and training initiatives.
Assisting in incident response planning and investigations when necessary.

Required Microsoft 365 Security
Work youll do:
As a Microsoft 365 Security Senior Consultant, you will be at the front lines with our clients supporting them with their Cloud Cyber Risk needs specifically helping them navigate the journey on securing their Microsoft 365 (M365) platform. This will include:
Function as senior engineer/consultant for the following Microsoft technologies: Purview, Intune, Sentinel, Security Copilot, Entra ID, Defender for Office, Defender for Endpoints and Servers, Defender for Vulnerabilities, Defender for Cloud Apps, Defender XDR and SCCM
Conduct cloud security analysis, recommendations and configurations of prospective clients Microsoft Entra ID, Office 365 (O365), Exchange Online, Teams, OneDrive for Business, and SharePoint Online environments based on our Microsoft 365 Cyber Risk Framework. This can include Microsofts cloud solutions such as Entra, Purview, Defender, Intune, and Sentinel.
Assist clients with transitions to the Microsoft 365 security services such as solution setup and service configuration, focused on risk mitigation. Additional technologies include Entra ID, Purview Compliance Manager, M365 Defender, Defender for O365, Defender for Cloud Apps (MDCA), Purview Information Protection (MPIP), Purview Data Loss Prevention (DLP).
Execute on M365 security engagements during different phases of the lifecycle Discover, Assess, Design, Deploy/Test, Hypercare/Handover.
Implement industry leading practices around M365 cyber risks and cloud security for clients.
Acting as a subject matter expert on cloud cyber risk for Microsoft Purview, Microsoft Intune, Microsoft Defender, and Microsoft Sentinel capabilities.

Required GRC Cyber Security Consultant
Our Cyber & Strategic Risk practice provides numerous opportunities to collaborate with industry-leading clients and projects.
The practice offers technological resources to aid clients in addressing their most significant challenges.
As a Senior Cyber Security Consultant, you will be part of a team that assists clients in designing and implementing transformational enterprise security programs, organizational structures, and capabilities to more effectively manage cyber risks aligned with business priorities.
Responsibilities:
Leading Client Engagement: Leading, guiding, and advising clients both domestically and internationally on cyber security projects based on methodology, regulation, and standards.
Leading Security Assessments: Conducting cyber risk assessments within various organizations across different sectors such as government, technology, and pharmaceuticals.
Advisory and Develop and implement: Developing business continuity plans (BCP), cyber security and maturity programs, secure architectures, policies, and information security procedures.
Collaboration: Working with other teams on large technology transformation projects, including those involving Cloud, SAP, Oracle, and Salesforce.