לוח משרות דרושים מומחה אבטחת מידע / סייבר

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.

Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

As an Endpoint Administrator - Managed Services within the Infinity Global Services (IGS) team , you will work as part of the global Managed Endpoint Services team supporting customers across multiple regions.
This is a hands-on, customer-facing technical role responsible for managing, troubleshooting, and optimizing endpoint environments while ensuring high-quality service delivery.

You will work closely with global team members and customer stakeholders to resolve endpoint-related issues, maintain endpoint protection platforms, and ensure consistent and reliable device performance.

Working hours: Sunday-Thursday, 07:00-16:00 IL time, aligned with the global follow-the-sun services model.
Work model: Hybrid (office + home).

Key Responsibilities
Serve as a frontline technical contact for customers and handle incoming service requests through the ticketing system.
Provide day-to-day endpoint administration and troubleshooting for Windows, macOS, and mobile devices.
Deploy, maintain, and troubleshoot endpoint protection agents and related security components.
Participate in working sessions with customers to diagnose issues and recommend solutions.
Coordinate with global team members to ensure proper handover and continuous service delivery.
Document actions, investigations, and resolutions clearly and accurately.
Identify recurring issues, propose improvements, and escalate concerns when needed to enhance customer experience.

We are looking for a Cyber Threat Intelligence Analyst to be an integral part of our Intelligence teams, combining both cutting-edge technology and advanced threat intelligence analysis methodologies to deliver high-impact briefings to our customers.

Key Responsibilities
Learning the customer needs and PIRs, configuring their tailored environments in the ERM intelligence platform and supporting the customers with tuning/training throughout engagement
Monitoring and analyzing threats targeting customers, or issues in their digital exposure, in order to produce actionable intelligence alerts and reports.
Investigating intelligence sources, threat actors, attack tools and techniques
Identifying and developing ERM data sources to collect the most relevant intelligence (darknet, forums, social media, marketplaces, etc.) as well as creating and maintaining avatars on these.
Developing the proprietary intelligence platform by surfacing new modules, capabilities and features
Joining meetings with prospects and clients to present deliverables.
Drive cooperation & feedback loops with other ERM teams
We are looking for a Cyber Threat Intelligence Analyst to be an integral part of our Intelligence teams, combining both cutting-edge technology and advanced threat intelligence analysis methodologies to deliver high-impact briefings to our customers.

Key Responsibilities
Learning the customer needs and PIRs, configuring their tailored environments in the ERM intelligence platform and supporting the customers with tuning/training throughout engagement
Monitoring and analyzing threats targeting customers, or issues in their digital exposure, in order to produce actionable intelligence alerts and reports.
Investigating intelligence sources, threat actors, attack tools and techniques
Identifying and developing ERM data sources to collect the most relevant intelligence (darknet, forums, social media, marketplaces, etc.) as well as creating and maintaining avatars on these.
Developing the proprietary intelligence platform by surfacing new modules, capabilities and features
Joining meetings with prospects and clients to present deliverables.
Drive cooperation & feedback loops with other ERM teams

We are looking for a Cyber Threat Intelligence Analyst to be an integral part of our Intelligence teams, combining both cutting-edge technology and advanced threat intelligence analysis methodologies to deliver high-impact briefings to our customers

Key Responsibilities
Learning the customer needs and PIRs, configuring their tailored environments in the ERM intelligence platform and supporting the customers with tuning/training throughout engagement
Monitoring and analyzing threats targeting customers, or issues in their digital exposure, in order to produce actionable intelligence alerts and reports.
Investigating intelligence sources, threat actors, attack tools and techniques
Identifying and developing ERM data sources to collect the most relevant intelligence (darknet, forums, social media, marketplaces, etc.) as well as creating and maintaining avatars on these.
Developing the proprietary intelligence platform by surfacing new modules, capabilities and features
Joining meetings with prospects and clients to present deliverables.
Drive cooperation & feedback loops with other ERM teams

we are seeking a Senior Vulnerability Researcher. In this role, you will research various cloud assets, roles, relations, and configurations to uncover 0-day vulnerabilities in major cloud providers and technologies. You will lead innovation, solve complex problems, and develop strategies for both attacking and defending cloud environments.
Furthermore, you will be in charge of fostering and spreading Cloud Securitys technical expertise. You will present your novel work at conferences and author papers and blogs. You will also build open-source cloud security tools and solutions.
If youre a curious, creative, technical person with an attackers mindset, strong systemic thinking, and a passion for taking things apart and understanding how they work, we encourage you to apply.
Your Role:
Investigate and analyze the multi-cloud stack to find 0-day vulnerabilities, security holes, weaknesses, and design flaws
Follow emerging security threats, author blogs about novel research, pubish content, and speak at conferences
Conduct technical research on cloud platforms to yield new insights, theories, analyses, TTPs
Serve as a technical leader and contributor for a research team exploring emerging cloud technologies and services

We are looking for a Cyber Threat Intelligence Analyst to be an integral part of our Intelligence teams, combining both cutting-edge technology and advanced threat intelligence analysis methodologies to deliver high-impact briefings to our customers.

Key Responsibilities
Learning the customer needs and PIRs, configuring their tailored environments in the ERM intelligence platform and supporting the customers with tuning/training throughout engagement
Monitoring and analyzing threats targeting customers, or issues in their digital exposure, in order to produce actionable intelligence alerts and reports.
Investigating intelligence sources, threat actors, attack tools and techniques
Identifying and developing ERM data sources to collect the most relevant intelligence (darknet, forums, social media, marketplaces, etc.) as well as creating and maintaining avatars on these.
Developing the proprietary intelligence platform by surfacing new modules, capabilities and features
Joining meetings with prospects and clients to present deliverables.
Drive cooperation & feedback loops with other ERM teams

We are looking for a Team leader for our File Secuirty Core team to join our threat detection engines group.

You will develop industry-leading sandbox solution in charge of the prevention of zero-days malware reaching the market.

You will work in multiple environments, large-scale cloud (AWS) microservices and on-prem solutions, a multiple development languages, and research the latest malware that exist in the wild.

We operate as an independent developing unit that enjoys flexibility, the option to make a big impact, and meaningful challenging work along with access to malware research resources.

Key Responsibilities
Lead a team of developers that are both experts in development and Malware research.
Research malware behaviour and evasion techniques across all stages of the malware kill change from exploitation and infection to impact.
Hands-on development in C++/Python on multiple environments.
Design and develop mechanisms to detect suspicious and malicious activity on OS internals.
Collaborate cross-functionally with data scientists, project managers, and researchers.
Get experience with developing in a cloud-based and on-prem infrastructure.
Work alongside other engineers on the team to elevate technology and consistently apply best practices.

We are seeking a highly skilled and experienced Application Security Expert to join our dynamic team.

This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools.

Key Responsibilities
Contribute to design and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Promote a culture of security awareness and continuous improvement within the organization.

We are seeking a highly motivated and analytical Information Security Consultant to join our team. As an Information Security Consultant, you will be responsible for performing a variety of IT audit activities for SaaS start-up companies including planning, fieldwork, and reporting. You will have the opportunity to work with a diverse group of clients and industry sectors while developing your technical and professional skills.
Job Description:
Assist with the planning and execution of information security audits
Identify and evaluate information security risks, controls, and business processes
Understand and evaluate the impact of emerging technologies on client operations
Communicate audit findings and recommendations to clients and management
Contribute to the development of audit methodologies, tools, and best practices.

Key Responsibilities
Provide Technical Support via chat, phone and email to customers and partners
Provide assistance with configuration, troubleshooting and best practices to customers and partners
Managing support service requests to ensure issues are recorded, tracked, resolved, and follow up are done in a timely manner.
Provide fault isolation and root cause analysis for technical issues

In this role, youll dive deep into real-world attacks, quickly analyze emerging threats, and develop accurate protections that are deployed to customers in real time. Youll collaborate closely with other analysts, security researchers, and field teams, while also helping shape and improve the workflows and automation that drive our team forward. This is a hands-on, impactful role for someone who loves uncovering threat patterns, solving complex problems, and contributing to a mission-driven security team

Key Responsibilities
Analyze new email-based threats and deliver real-time protection within email security products.

Investigate threats using email-security tools, customer reports, and additional threat-intelligence sources.

Identify ongoing phishing campaigns, trends, and potential detection gaps.

Respond to alerts and requests from internal field teams and customers, providing immediate mitigation for active attacks.

Develop and test tailored mitigations for specific attacks and deploy them to customers.

Write detailed research reports and attack briefs explaining phishing campaigns, attacker techniques, and findings.

Implement automation processes to enhance operational efficiency and detection accuracy.

Contribute ideas to improve team workflows, processes, and coverage.

Use AI and LLM-powered tools to analyze attacks and extract meaningful insights.

Design processes for analyzing phishing campaign data, trends, and related attacker methodologies

Were looking for a GRC Specialist to join our Cyber Security Department and lead cybersecurity Governance, Risk, and Compliance efforts for a growing, disruptive fintech operating in a regulated environment.
This role is ideal for someone who thrives on detail and complexity, enjoys working deeply with regulations and frameworks, and can translate dense requirements into clear, actionable controls.
What youll do
Own, implement, and continuously improve GRC frameworks, policies, and processes
Track and enforce execution of policies across, including documentation and evidence collection
Manage cybersecurity risk assessments and translate findings into business-relevant insights
Drive compliance with ISO 27001, PCI DSS, GDPR, DORA, EU AI Act, and any related European and Israeli privacy and banking regulations
Lead audits, third-party risk assessments, and customer/partner security due diligence
Manage and enhance the GRC platform and related workflows.

We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.

Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

we are looking for a Manager Cyber Defense Center
Responsibilities
Lead, mentor, and manage a team of analysts and incident responders, fostering a culture of continuous improvement and collaboration.
Oversee real-time monitoring, analysis, and escalation of security events using SIEM, SOAR, and other security tools.
Develop, implement, and optimize SOC processes, playbooks, and standard operating procedures.
Coordinate incident response activities, ensuring timely investigation, containment, eradication, and recovery from cyber incidents.
Serve as the primary point of contact for major security incidents, coordinating with internal stakeholders and external partners as needed. Ensuring effective communication and coordination among stakeholders throughout the lifecycle of security incidents.
Stay informed on the latest cyber threats, vulnerabilities, and regulatory developments to adapt the organizations security posture proactively.
Prepare and deliver regular reports, metrics, and presentations to executive management regarding Cyber Defense Center's performance and emerging risks.
Support compliance efforts and audits related to cybersecurity frameworks (e.g., SOC2, ISO 27001).
Manage Cyber Defense Center's technology stack, including evaluating and recommending tools and solutions for threat detection and response.
Establish and lead a dedicated purple team to enhance detection, response, and resilience against threats.

We are looking for an Application Security Pen Tester to join the Application Security team responsible for application security.
The successful candidate will be responsible for contributing to our Cloud/On-prem strategic security program.
Responsibilities:
Conduct on-going Penetration testing activities across all platforms and services
Identify and facilitate remediation of application and cloud security exposures and vulnerabilities
Work to obtain the right mandate to ensure no new products or services are launched without the appropriate security controls
Take a part in development lifecycle and integration of security features into all phases of software design and development
Manage, aggregate, triage and track Vulnerabilities identified by external Assessors.
Assist in implementing Security Testing tools (Dynamic, Static and Runtime) in the Testing pipeline
Assist in defining testing scenarios for the Continuous Integration tests to cover identified vulnerabilities
Work closely with R&D to enhance application security on all layers