לוח משרות דרושים מומחה אבטחת מידע / סייבר

Our Technology Consulting team is looking for a Cybersecurity Consultant to join our cyber department.

The Cyber Department works with a variety of clients in different fields: Government, Hi-tech, Industry, Retail, Hotels, Defense and more.

The Job Will Include:
Client Engagement: Leading, guiding and advising to clients in Israel and abroad as well as joint projects with various partners of KPMG global on cyber security projects based on methodology, regulation and standards.
Technologies: Work with different aspects of cyber security in multiple fields such as IT, OT & Cloud.
Security Assessments: Carrying out risk surveys including cyber, operational and supply chain risks.
Advisory and Strategy Development: Developing business continuity plans (BCP) ,cyber security and maturity programs, secure architectures, policies and information security procedures.
Collaboration: Leading representative and high-profile meetings with client internal senior management.

We are continuously expanding the capabilities , actively listening to customers and responding to their needs. We are looking for Senior Detection AI Engineer with passion and experience in AI / Machine Learning, who will be directly involved in developing our core detection technology and ensuring we are always staying ahead of cybercriminals.
What Will You Do?
Be part of a globally distributed team of Cyber Security Researchers and Data Scientists.
Focus on applying the latest machine learning and deep learning advancements to detect and defeat threats.
Train models using the companys vast real threat data.
Develop features to support engineering teams and improve customer visibility into endpoint health.
Collaborate with multiple engineering teams to design and build new detection capabilities.
Contribute to industry-leading cybersecurity platform.
As a Senior-level engineer, inspire and provide technical leadership to others.

About us: We are an Israeli research and development company specializing in analyzing cyber and technological security threats. We design secure architectures and controls for complex systems, providing cyber-resilient architecture design, research and development of innovative security controls, hardware security, and system security engineering. Our expertise includes protecting RF and Wireless channels, cryptography, quantum communication and more.
Job Description:
As a Cyber security system Engineer, you will lead the security engineering aspects of multidisciplinary projects. You will conduct system design surveys, participate in various design and testing stages, and lead cyber and security research in software, firmware, and hardware. Your responsibilities will include: Conducting threat risk analysis, mapping protection targets, designing security architecture and defining appropriate security controls for systems at different maturity and life-cycle phases. Analysing advanced systems and designing cyber and technological security solutions. Planning and executing Cyber security strategies in collaboration with clients and regulatory bodies. Leading and guiding development teams from specification through design to integration. Designing and conducting system proof of concept experiments. Initiating and advancing projects and product development in cyber and security technology. Evaluating existing and future technological solutions. Monitoring the implementation of Cyber security measures in projects and ensuring compliance with security plans.

About us, we secure products and systems throughout their lifecycle. As a multidisciplinary cybersecurity company based in Israel, we specialize in providing comprehensive security solutions across all engineering domains. Our expertise spans hardware security, system security engineering, FPGA and Embedded systems security, low-level software and operating systems cybersecurity, cryptography, RF cybersecurity, quantum-resilient security, and more.
Job Description Project Management and Technical Leadership: Lead and manage software development projects, including planning, coordinating, and supervising team activities to ensure successful project completion. Define development requirements, guide contractors, and implement secure development methodologies and practices. system Design and Development: Design and develop secure software systems and architectures for complex and Embedded systems, ensuring they meet security and performance requirements. Implementation and Configuration: Design, code, TEST, and debug system software, including hardware bring-up. Enhance system efficiency, stability, and scalability. Integrate and validate new product designs. Implement and configure software systems. Risk Analysis and Problem Solving: Conduct risk analysis and problem-solving for system issues, using tools and techniques to identify and resolve problems efficiently. Maintenance and Technical Support : Provide ongoing maintenance and Technical Support, including security updates, bug fixes, and performance enhancements. Secure Development Processes: Implement and oversee secure development processes, including secure code reviews, automated code testing (SCA + SAST), and defining treatment thresholds for TEST results. Documentation and Risk Management: Write explanatory documents, manage risks, and provide defensive justifications for scan results that cannot be addressed.

We are seeking a Compliance Auditor to ensure adherence to requirements of external certifications, internal policies, regulatory requirements and industry standards. Working directly in the Compliance team under Legal, and in parallel closely with RnD, this role involves supporting external assessments (SOC 2, ISO 27001, PCI-DSS and FedRAMP), conducting internal audits, responding to customer security inquiries, and enhancing compliance processes and security posture. The ideal candidate has experience in audit frameworks, risk management, and security controls, with strong analytical and cross-functional collaboration skills.

Key Responsibilities:
Assist with audits, such as: SOC 2, ISOs, PCI-DSS, and FedRAMP, including evidence collection and reporting.
Maintain documentation and evidence required for audits.
Conduct internal audits to assess compliance with company policies, regulatory frameworks and external certifications.
Ensuring company policies and procedures are maintained and implemented.
Drafting policies and procedures.
Assist in responding to customer security and privacy questionnaires.
Assist with compliance projects, such as: regulations compliance, and projects related to standards.
Assist with vulnerabilities management program.
Work with the Legal and Security teams to ensure policies align with compliance requirements.
Collaborate with Engineering and Product teams to implement compliance requirements.
Review third-party vendors for compliance with our requirements.

We are seeking an experienced Application Security Architect to join our Cyber Team. As an Application Security Architect, you will be responsible for overall Application Security standards, guidelines, and requirements for different groups . Your expertise in secure architecture, design, and SSDLC will play a crucial role in ensuring the security of our products and the protection of our sensitive financial data. This is a strategic position that offers an opportunity to shape and drive the security initiatives of our cutting-edge fintech solutions.

What youll be spending your time on:

Review and approve secure architecture designs for all developments for customers, partners, integrators or in-house solutions, considering best practices, regulatory requirements and business objectives.
Assist in creating or researching for security solutions solving security challenges, both on-prem and in the cloud.
Collaborate with cross-functional teams (mainly R&D and DevOps/DevSecOps) to define security requirements and design robust security controls for systems, both on-prem and in the cloud.
Provide technical guidance and expertise to internal teams in selecting and integrating in-house solutions or third-party vendors.
Design and implement cloud security solutions, such as network security, identity and access management, data protection and encryption.
Stay up-to-date with the latest security technologies, threats, and trends, and provide recommendations for continuous improvement.
Serve as a subject matter expert on application security, providing guidance and mentorship to other teams in the company.

A Senior Security Engineer is expected to be proficient in multiple domains. This is a leadership role within the Annapurna security team and you will be sought out for advice on technical and business issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. A Senior Security Engineer will proactively share knowledge across the community and will be a key company resource in one or more of the core areas of security. He will lead security reviews of large projects while setting standards and defining best practices for our Security teams.

Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. A broad understanding of the business and its interconnections is required. This position will also provide training, advice, and mentorship to other engineers throughout us.

We are looking for a Sr. Cloud Threat Detections Engineer.
As a Senior Cloud Detection Engineer, you'll be at the forefront of protecting organizations against sophisticated cloud threats, working with some of the industry's most advanced security technologies and enterprise-scale cloud environments. You'll have the unique opportunity to translate real-world adversary intelligence into innovative detection capabilities that protect many of the world's leading organizations across every major industry.
What You'll Do:
Research and develop detection content for cloud-native attacks, including identity-based threats, data exfiltration, privilege escalation, cloud-native tactics
Create correlation logic and between runtime events and control plane activities.
Design and implement detection logic across multi-cloud and hybrid environments.
Collaborate with Threat Intelligence, OverWatch, and Incident Response teams to develop detections based on real adversary activities
Partner with Product and Engineering teams to enhance detection capabilities.

seeking an experienced Cyber Threat Researcher to join our cyber research team. This role involves in-depth research into SaaS application security, identifying misconfigurations, and providing insights that help secure our customers SaaS environments. Youll work closely with product, marketing, and R&D teams to ensure your research contributes to developing cutting-edge security features and customer value.

Key Responsibilities
Conduct Security Research: Conduct in-depth research into security risks and misconfigurations associated with SaaS applications, identifying trends and opportunities to enhance product capabilities.
API Analysis: Review SaaS application APIs to assess security functionalities, and determine how to leverage them for enhanced protection.
Cyber Threat Intelligence: Analyze emerging cyber threats and breaches to understand attack vectors, risks, and trends, applying this knowledge to enhance the security posture of our product and customers.
Collaborate Across Teams: Partner with product, R&D, and marketing teams to translate research findings into valuable product features and contribute to security-focused publications and thought leadership.

We are looking for a Cloud Threat Detections Engineer.
As a Cloud Detection Engineer, you'll be at the forefront of protecting organizations against sophisticated cloud threats, working with some of the industry's most advanced security technologies and enterprise-scale cloud environments. You'll have the unique opportunity to translate real-world adversary intelligence into innovative detection capabilities that protect many of the world's leading organizations across every major industry.
What You'll Do:
Research and develop detection content for cloud-native attacks, including identity-based threats, data exfiltration, privilege escalation, cloud-native tactics.
Create correlation logic and between runtime events and control plane activities.
Design and implement detection logic across multi-cloud and hybrid environments.
Collaborate with Threat Intelligence, OverWatch, and Incident Response teams to develop detections based on real adversary activities.
Partner with Product and Engineering teams to enhance detection capabilities.

Penetration Testing Specialist.
A company located in central Israel is looking for an experienced Penetration Tester to join its team.
The company provides security services to clients, and the role involves managing and performing penetration testing while providing on-site security services at the client's location.
This is an exciting opportunity for someone who thrives in a dynamic environment and enjoys taking ownership of projects from start to finish.
Responsibilities:
Conduct and manage penetration testing for clients across web applications, networks, and cloud environments.
Identify vulnerabilities, assess security risks, and provide actionable recommendations to improve security posture.
Work independently and take ownership of individual projects, ensuring all tasks are completed on time and to the highest standards.
Collaborate with internal teams and clients to tailor testing approaches based on specific security needs.
Provide expert guidance on remediation efforts, and support the implementation of security improvements.
Document findings, prepare detailed security reports, and deliver presentations to clients.
Stay up-to-date with the latest trends and tools in penetration testing, and continuously expand your skill set.
Location: Central Israel (providing on-site penetration testing services at client locations).
Position: Full-time.
If you are passionate about cybersecurity, possess a strong sense of ownership, and are looking for an opportunity to work on challenging security projects, wed love to hear from you!
CVs should be sent to our email.