לוח משרות דרושים מומחה אבטחת מידע / סייבר

We are looking for a Red Team specialist for our Infrastructure Red Team department for a maternity leave replacement. This role includes researching, assessing and challenging digital identity verification and access mechanisms across a variety of platforms and solutions. The position includes creative red team projects and infrastructure management alongside end-to-end delivery to key clients. You will be responsible for the generation of insights, means, methods and signals provided from diverse intelligence streams alongside red team exercises meant to assist with identifying key vulnerabilities, high risk abuses, and mitigation solutions and planning. Key responsibilities:
* Red Team operations - strategic planning and execution of red team exercises
* Identification, analysis and intelligence gathering on bad actors, sources and platforms, while identifying abuse methods
* Research and development of new operational bypass methods
* Provide insights on intricate means and methods being used by threat actors to abuse the worlds most popular tech platforms while putting users at risk
* Monitoring Web and Mobile environments - social media platforms, forums, blogs, mobile applications and darknet to uncover malicious activity.
* Content creation and management.

Alice is seeking an experienced Malware Research Director to build and manage multiple teams dedicated to malware research. This role presents an exciting opportunity to establish a new operation from the ground up, creating processes, optimizing and setting up cross-team collaboration while serving as the primary client interface. The position is primarily leadership, client-facing, creating solutions and requiring exceptional team-building and operational setup skills. The ideal candidate demonstrates high technical skills, proven experience in building teams from scratch, establishing new operations, and strong client relationship management capabilities. Key Responsibilities:
* Establish operational processes, workflows, and quality standards for the new teams
* Coordinate with other departments to integrate the new operation into the existing infrastructure
* Serve as primary client interface, managing relationships and ensuring client satisfaction
* Present research findings and malicious evidence to clients and stakeholders
* Advise on technical aspects for malware research challenges and automated solutions
* Create training programs and onboarding processes for new team members
* Develop performance metrics and evaluation frameworks for team effectiveness
* Lead client meetings, requirement discussions, and project planning sessions
* Collaborate with sales and business development teams on client engagements

About Alice:
Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.



Hybrid:
No

As a Principal Software Security Engineer, you'll be responsible for delivering offensive security engagements against public-facing and internal products. Youll also be responsible for security auditing of the product stack and researching nuances of securing SaaS platforms. This will require an in-depth knowledge of various approaches to application auditing, including secure code review, debugging, dynamic web application testing, analysis and threat modeling. Youll work closely with product engineering teams to provide investigative reports to improve platform resiliency and ensure best-in-class security solutions.

What you get to do in this role:

Work with diverse business and technology owners
Participate in offensive security engagements including external adversarial emulation.
Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities
Work with engineering teams on remediation
Create and maintain strategic relationships

We are seeking an experienced compliance professional to join our team and support compliance for our SaaS platform.
About the Position:
As Compliance Lead for the SaaS platform, you will be focused on leading and supporting compliance efforts with various regulatory regimes that apply to our SaaS business, including, but not limited to, economic sanctions, anti-bribery, and anti-corruption programs. In addition to these responsibilities, the Compliance Lead will conduct risk reviews of SaaS business customers and report findings to senior management. Risk reviews will encompass initial assessments of new SaaS licensees and ongoing reviews leveraging public information and blockchain analytics.
To be successful in this role, the candidate will need to work closely with internal and external stakeholders, including senior management, front line business leaders, and prospective SaaS licensees. Expertise in digital asset investigative processes, including customer due diligence and blockchain analysis, will be crucial in establishing and executing operations for this role. The ideal candidate will be comfortable working in a fast-paced environment handling multiple ongoing projects that are delivered on time. We are looking for a candidate armed with a roll-up-your-sleeves mentality and forward-thinking approach that is eager to help across multiple verticals and advise business teams on global risks.
This position reports directly to the company's Senior Director of Compliance and will be an independent contributor initially. This role will be based in the US, with preference for candidates based near our NYC HQ; although qualified candidates from other locations are highly encouraged to apply.

As a Cloud Infrastructure and AI Security, you will play a key role in securing multi-cloud infrastructure, embedding security into DevSecOps, and ensuring AI platforms and agentic integrations are built and operated with enforceable security controls.
This role requires deep, hands-on expertise across Cloud Infrastructure Security and AI Security. You will actively design, implement, and enforce security controls across multi-cloud environments and Agentic AI, working closely with R&D, Product, and DevOps teams to embed security directly into architecture and development from day one.
You will operate at the forefront of cloud security, AI and blockchain, helping define how agentic AI systems are implemented safely in production. This is an opportunity to work on cutting edge technologies, collaborate with experienced security and engineering professionals, and grow within one of the most advanced and rapidly evolving domains in modern security.
What You'll Do:
Design, implement, and maintain security controls across multi-cloud infrastructures
Work closely with R&D teams to understand constraints and risks in Agentic AI and Infrastructure
Design and implement runtime AI security controls (guardrails, filters, policy engines, gateways).
Build protections for LLM inference, agent tool execution, MCP / plugin frameworks, and RAG pipelines.
Implement prompt, input, and output inspection for abuse, jailbreaks, data leakage, and policy violations.
Secure Infrastructure, CI/CD pipelines, and automation workflows by embedding DevSecOps best practices
Conduct security reviews of product features, new technologies and ensure they meet security requirements.
Secure Kubernetes clusters and containerized workloads in production environments
Evaluate AI attack vectors (prompt injection, model poisoning, data exfiltration, jailbreaks, emerging attack patterns) and implement effective mitigations
Collaborate with other security teams to resolve security issues and implement security improvements.
Lead security projects and initiatives across environments to enhance the platform's security.

We are looking for a passionate and experienced Governance, Risk, and Compliance (GRC) operations specialist to contribute to our companys efforts in making the most security and trusted provider of digital asset management solutions. This role is critical in driving our day-to-day GRC programs, ensuring they are well maintained, run according to schedule, and align with our business needs.
As the GRC operations specialist, you will oversee the successful implementation and progress of GRC programs, practices, and projects, while collaborating with multiple cross-functional teams within the security department and outside of it.
What You Will Do:
Own, manage, and continuously improve the companys Third Party Risk Management (TPRM) program, making sure it is both aligned with expected security standards and best practices, and meets business requirements and SLAs.
Own, manage, and continuously improve the companys security awareness program, making sure its scope, content, cadence and overall performance are always aligned with the latest and most relevant expectations, while also well received and relevant to the business.
Manage ongoing operations within the GRC team including project management and tracking, financial planning and reporting, annual and periodic planning, and more.
Drive ongoing GRC efficiency through innovation, automation, data-driven decision making research and exploration.
Support and contribute to ongoing GRC operations such as internal and external audits, risk assessments, certification processes, policy management, business continuity program and more.

The Security & Information team is looking for someone who is passionate about technology and has a roll-up-their-sleeves mentality to join our global team. Youll play a crucial role in enhancing our security infrastructure, improving networking, ensuring scalability, and maintaining strong security as we continue to grow. If you want to be an industry leader, on a team experiencing hyper-growth, look no further!
Responsibilities :
Operates as the primary escalation point for critical security alerts, performing deep-dive DFIR investigations, analyzing attacker techniques and vectors, proactively hunting threats, and directing incident response activities.
Lead SecOps projects from inception to execution, ensuring effective implementation and ongoing maintenance.
Mentor a team of SecOps experts, providing technical guidance in a fast-paced environment.
Research how to leverage security telemetry and existing security solutions to improve triage and automated response.
Work cross-functionally to refine and evolve agentic workflows that drive automated security operations.
Coordinate investigation, containment, and other response activities with business stakeholders and groups.
Perform hands-on forensic investigations, log reviews, cloud investigations, and root-cause analysis
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.

Were looking for a highly skilled Technical GRC Expert with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate Zenitys detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep Zenity secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as Zenity grows.
Responsibilities:
Own and mature Zenitys Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Zenitys Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

Were seeking a Senior Security Researcher to drive end-to-end research initiatives that strengthen detection capabilities. In this role, youll investigate emerging attack surfaces, craft and implement innovative detection logic, and test your findings in real-world environments. Its a hands-on position ideal for someone eager to transform research insights into effective, production-grade security defenses.
Responsibilities:
Research AI Agent and LLM-related risks, such as prompt injection and jailbreaking and implement sophisticated detection strategies.
Conduct research on cloud, web, and API security to uncover new threats and attack vectors.
Develop, refine, and design world-class detection logic and rules to enhance runtime protection.
Perform threat-hunting activities across large data sources to identify emerging attack patterns
Drive full-cycle research: from hypothesis and experimentation to production validation.
Collaborate with engineering and product teams to deliver actionable insights.

As a Mobile Threat Analyst at Alice, you will use your internet-fluency, online resourcefulness, broad areas of interest, technical skills, AI-driven methodologies, and hacker-like thinking to solve puzzles and lawfully access difficult-to-come-by open-source data from the deep web.
Responsibilities include:
*  data mining and advanced analysis - conducting high-level Open Source Intelligence
* Collaboration with technical teams
* Analyzing malicious activities online, getting to their sources & distribution methods
* Analyzing large, complex datasets using statistical, scripting, and AI-based techniques.
* Researching new online platforms to discover methods for automating data collection.
* Monitoring third-party websites, forums, messaging app channels, dark web communities, and emerging platforms to uncover malicious activities.
* Translating analytical findings into actionable recommendations for detection systems and enforcement strategies.
* Generate intelligence reports often regarding highly technical concepts and TTPs.

Were seeking an experienced Security Solutions Engineer to help us create new automations and scalable solutions for our customers. Your role will be both strategic and tactical, as youll be working directly with customers to understand their requirements, design solutions, and implement security controls. Join us on our mission to help every security team achieve operational excellence.
Your responsibilitie:
Design and implement security solutions to automate the real-world customer pains.
Provide expert advice and recommendations for security solutions that can achieve customer objectives.
Collaborate with the Sales team to establish a reputation for technical excellence and trustworthiness with potential customers.
Work jointly with other Solutions Engineers & Architects to support the Sales team with technical content and call support.
Establish and maintain a knowledge hub or repository of security best practices, resources, and insights.
Collaborate with the marketing team to generate demos, case studies, blogs, and videos.

Required Security Incident Response Group Lead - (250000G4)
What will you do?
A global provider of cybersecurity protection solutions for networks and applications. We are looking to enhance our Cloud Services, the fastest growing business, in key markets.
Security operation leadership - Oversee the daily operation by leading projects & processes, tracking tasks & progress, and mentoring of a global Incident Response (IR) group that is specialized in detection & mitigation of various network threats, such as Denial-of-service attacks, application server-side & client-side threats, botnets, and more.
Incident response leadership - Oversee & coordinate RT security incidents globally by maintaining & developing solid IR processes & playbooks, crisis management & de-escalation techniques, lead escalation calls, and identify & improve gaps in technical & operational procedures among the global security group.
Global IR team leadership - Lead and mentor a multidisciplinary cloud security group consists of security IR analysts & security experts, fostering a collaborative and high-performance culture, oversee the global recruitment & training process of new employees, and develop & maintain high performance teams with deep technical knowledge, customer orientation, and operational attitude.
Customer engagement - Ensure customer's SLA & satisfaction, build and maintain strong relationship with customers & stakeholders, and maintain regular communication through meetings, reports, and updates to ensure stakeholders are informed about security initiatives, incident responses, and risk posture.
Strategic planning - Develop & execute roadmaps, strategies, and frameworks aligned with organizational goals.

we are looking for a Cyber Threat Intelligence Analyst to join our Cyber team
mission is to provide easy access to high quality web content to companies who wish to focus on data analysis and not data collection.
We work to provide access to the biggest data repositories in each vertical we serve, and we take pride in our ability to quickly take care of our clients, and fulfill their data requirements.
What Youll be Doing:
Maintain deep, ongoing knowledge of deep and dark web sources, actively tracking forums, marketplaces, blogs, and chat platforms, while ensuring data coverage, quality, and continuity.
Perform continuous cyber threat research across the cyber landscape, maintaining up-to-date knowledge of trends and incidents across malware campaigns, ransomware attacks, and data breaches, including threat profiling and ecosystem analysis to enhance detections and customer outcomes.
Own the technical delivery of cyber trials by building tailored POCs, validating data relevance, and demonstrating measurable value aligned with customer KPIs.
Act as a technical point of contact for customers, supporting investigations, resolving data and coverage issues, and contributing to retention and expansion efforts.
Collaborate closely with Product and Development teams to improve data deliverables and help define and develop new product capabilities and features based on customer needs and threat-landscape insights.