לוח משרות דרושים הייטק אבטחת מידע / סייבר עבודה היברידית

we are looking for a AI Security Engineer.
As AI capabilities accelerate across the bank, we need an engineer to design and enforce safe AI usage-protecting customer data, preserving model integrity, and meeting our regulatory obligations. You'll be the architect of guardrails, tooling, and policies that make AI both secure and useful for product and internal teams. This isn't about slowing things down; it's about building the trust layer that lets innovation move fast without breaking things.
What Youll Actually Be Doing:
Design enterprise AI guardrails across Azure and AWS (e.g., Azure AI Studio/Azure OpenAI, Amazon Bedrock/SageMaker): content filtering, PII redaction, prompt/response validation, and policy enforcement services.
Implement data minimization controls for GenAI/RAG workloads: context filtering, least‐privileged retrieval, document-level ACL enforcement, vector store hardening, and secure token/secret handling.
Threat model AI systems (apps, agents, RAG, fine-tuning pipelines) using frameworks like STRIDE and the OWASP Top 10 for LLM Apps; define misuse scenarios (prompt injection/jailbreaks/data exfiltration) and build mitigations.
Build monitoring and telemetry: privacy-preserving prompt/response logging, sensitive-data detection, safety/eval dashboards, drift/abuse signals, and incident hooks into our SIEM.
Integrate AI security into the SDLC: reusable libraries, pre-commit checks, CI/CD gates, policy-as-code, and secure-by-default reference architectures for product teams.
Evaluate third‑party AI vendors and internal apps: security reviews, data residency and retention requirements, SSO/SCIM integrations, DPA/TPRM inputs, and continuous control testing.
Partner across Security, Data, Privacy, and Engineering to map AI controls to FFIEC, SOC 2, and PCI DSS; document control evidence for audits.
Lead/participate in AI red‑teaming: automated jailbreak/prompt‑injection tests, safety benchmarks, purple‑team exercises, and response playbooks for AI incidents.
Enable the org with concise guidelines, examples, and training on safe AI development and usage.

we are looking for a Mid-Level, Security Engineer.
This role focuses on ensuring the security and compliance of cloud infrastructure by implementing and maintaining robust security controls across AWS environments. The position involves automation for security monitoring, adhering to best practices, and collaborating cross-functionally with other teams.
What Youll Actually Be Doing:
Cloud Security Implementation: Contribute to the design and implementation of security measures across AWS environments to ensure systems are secure, compliant, and aligned with industry best practices. Including implementation, automation and development of security policies
Conduct regular security assessments, control testing, and audits to proactively identify risks and vulnerabilities (and support remediation efforts with partner teams)
Collaboration with Internal Teams: Work closely with internal teams to integrate security best practices into development and operational workflows
Security Automation & Infrastructure Management: Design and implement automation strategies for security monitoring, auditing, and incident response
Cost Efficiency through Security: Contribute to cloud cost management by optimizing cloud resources without compromising on security.
Incident Response & Threat Management: Participate in incident response efforts to support timely identification, analysis, containment, and remediation of security threats. Contribute to post-incident reviews, help maintain incident response playbooks, and support internal teams by sharing learnings and updated procedures.

we are looking for a Security Engineering Operations Coordinator.
As the Security Engineering Operations Assistant, you'll be the organizational backbone for the VP, Security Engineering-ensuring requests move forward, deadlines stay visible, and nothing gets lost in the shuffle. This isn't about being an admin; it's about being the force multiplier that lets security leadership focus on strategy and technical priorities while you keep the machine running smoothly.
If you're the person who naturally keeps lists, follows up before being asked, and gets satisfaction from bringing order to chaos-this role was made for you.

we are looking for a talented and experienced r&d platform engineer to join our dynamic team. our organization provides cutting-edge services utilized by both internal cyberark services and external customers. the ideal candidate will be responsible for defining and implementing best practices that can be shared across the company and working on edge technologies on the cloud. this position encompasses all stages of the software development life cycle (sdlc), including design, development, testing, and ensuring high roi on deliverables.
define and implement best practices for the r&d platform.
collaborate with internal and external stakeholders to understand requirements and deliver high-quality solutions.
work on edge technologies and cloud platforms to enhance our services.
participate in all phases of the sdlc, including design, development, testing, and deployment.
ensure high roi on deliverables by optimizing processes and solutions.
share knowledge and best practices across the company to promote a culture of continuous improvement.

looking for an experienced staff software engineer for our new authentication service. you will be responsible for building this core saas service, built on-top of aws using.net, eks, terraform and other cloud technologies. you will be working with an elite team to produce top-notch services at the highest standards, meeting the high security, stability, and performance standards of the largest enterprises in the world. qualifications
solid experience leading the design, development and delivery of features in saas applications
design and implement the infrastructure of the service
bachelors degree in Computer Science or engineering related field/technology elite unit alumni with relevant experience
7+ years of experience with aws
7+ years of experience in.net core
desire to use new technologies and understand them depth-in
proactive by nature, internal drive for excellence and improvement
good communication skills, fluent in english, good writing skills
autodidact, like to learn new things and share with the team
excellent ability to meet deadlines, while consistently striving for high-quality and efficient solutions good knowledge in containers and container orchestration
experience with development in cloud/saas environment (aws serverless architecture/eks is a definite advantage)
solid understanding of security and high scale best practices
experience with modern ci/cd tools, in particular, github, jenkins, and artifactory
deep understanding of various authentication protocols

as our principal architect for identity governance and administration (iga), you will be the visionary lead for our identity lifecycle management, compliance, and access control strategies.
design the integration approach between palo alto services and iga and between the on-prem applications and the iga cloud service. join the iga team to strengthen the overall iga capabilities across palo alto and improve its scalability.

We are rapidly growing, and we seek a GRC Analyst to join our InfoSec team.
In this position you will report to the CISO and will be located in our Israeli office.
Trust is the cornerstone of our fintech SaaS environment, and we are looking for a GRC Analyst to uphold this principle. This role will serve as the primary liaison for both internal risk management initiatives and external inquiries, and for ensuring our internal controls adhere to international standards and frameworks.
Responsibilities:
Policy & Framework Management: Assist in developing and maintaining information security policies and procedures in alignment with international standards such as ISO 27001, NIST, CIS, GDPR, CSA and SOC 2.
Risk & Control Lifecycle: Manage regular risk assessments to identify vulnerabilities and participate in the design, implementation, and testing of security controls to ensure organizational resilience.
Audit & Compliance Monitoring: Coordinate internal and external security audits, managing the collection of evidence and tracking remediation efforts across various business units.
GRC Platform Ownership: Serve as the technical owner of the companys GRC platform.
RFI Lifecycle Management: Act as the primary point of contact for managing the end-to-end process for client security questionnaires and due diligence requests from triage to final submission.
Knowledge Base Architecture: Build and maintain a centralized, AI-assisted repository of approved technical responses covering Security, Privacy, Product Tech (e.g., oAuth, integrations), Legal, ESG, and Finance.
SME Collaboration & Triage: Facilitate cross-functional communication by triaging inquiries and escalating complex technical or legal questions to the appropriate Subject Matter Experts in R&D, Product, Legal, and Compliance.
Technical Trust Documentation: Create and update client-facing collateral, including security white papers, trust center content, and compliance summaries to proactively address stakeholder inquiries.
Process Optimization & Metrics: Evaluate and implement new SaaS tools to automate the RFI workflow while tracking performance metrics like volume and response times to drive operational efficiency.
Stakeholder Enablement: Develop and deliver training materials, wikis, and "How-to" guides to educate GTM and technical teams on the standardized RFI process and SME engagement model.