לוח משרות דרושים מומחה אבטחת מידע / סייבר

In this role, youll dive deep into real-world attacks, quickly analyze emerging threats, and develop accurate protections that are deployed to customers in real time. Youll collaborate closely with other analysts, security researchers, and field teams, while also helping shape and improve the workflows and automation that drive our team forward. This is a hands-on, impactful role for someone who loves uncovering threat patterns, solving complex problems, and contributing to a mission-driven security team

Key Responsibilities
Analyze new email-based threats and deliver real-time protection within email security products.

Investigate threats using email-security tools, customer reports, and additional threat-intelligence sources.

Identify ongoing phishing campaigns, trends, and potential detection gaps.

Respond to alerts and requests from internal field teams and customers, providing immediate mitigation for active attacks.

Develop and test tailored mitigations for specific attacks and deploy them to customers.

Write detailed research reports and attack briefs explaining phishing campaigns, attacker techniques, and findings.

Implement automation processes to enhance operational efficiency and detection accuracy.

Contribute ideas to improve team workflows, processes, and coverage.

Use AI and LLM-powered tools to analyze attacks and extract meaningful insights.

Design processes for analyzing phishing campaign data, trends, and related attacker methodologies

Were looking for a GRC Specialist to join our Cyber Security Department and lead cybersecurity Governance, Risk, and Compliance efforts for a growing, disruptive fintech operating in a regulated environment.
This role is ideal for someone who thrives on detail and complexity, enjoys working deeply with regulations and frameworks, and can translate dense requirements into clear, actionable controls.
What youll do
Own, implement, and continuously improve GRC frameworks, policies, and processes
Track and enforce execution of policies across, including documentation and evidence collection
Manage cybersecurity risk assessments and translate findings into business-relevant insights
Drive compliance with ISO 27001, PCI DSS, GDPR, DORA, EU AI Act, and any related European and Israeli privacy and banking regulations
Lead audits, third-party risk assessments, and customer/partner security due diligence
Manage and enhance the GRC platform and related workflows.

We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.

Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

we are looking for a Manager Cyber Defense Center
Responsibilities
Lead, mentor, and manage a team of analysts and incident responders, fostering a culture of continuous improvement and collaboration.
Oversee real-time monitoring, analysis, and escalation of security events using SIEM, SOAR, and other security tools.
Develop, implement, and optimize SOC processes, playbooks, and standard operating procedures.
Coordinate incident response activities, ensuring timely investigation, containment, eradication, and recovery from cyber incidents.
Serve as the primary point of contact for major security incidents, coordinating with internal stakeholders and external partners as needed. Ensuring effective communication and coordination among stakeholders throughout the lifecycle of security incidents.
Stay informed on the latest cyber threats, vulnerabilities, and regulatory developments to adapt the organizations security posture proactively.
Prepare and deliver regular reports, metrics, and presentations to executive management regarding Cyber Defense Center's performance and emerging risks.
Support compliance efforts and audits related to cybersecurity frameworks (e.g., SOC2, ISO 27001).
Manage Cyber Defense Center's technology stack, including evaluating and recommending tools and solutions for threat detection and response.
Establish and lead a dedicated purple team to enhance detection, response, and resilience against threats.

We are looking for an Application Security Pen Tester to join the Application Security team responsible for application security.
The successful candidate will be responsible for contributing to our Cloud/On-prem strategic security program.
Responsibilities:
Conduct on-going Penetration testing activities across all platforms and services
Identify and facilitate remediation of application and cloud security exposures and vulnerabilities
Work to obtain the right mandate to ensure no new products or services are launched without the appropriate security controls
Take a part in development lifecycle and integration of security features into all phases of software design and development
Manage, aggregate, triage and track Vulnerabilities identified by external Assessors.
Assist in implementing Security Testing tools (Dynamic, Static and Runtime) in the Testing pipeline
Assist in defining testing scenarios for the Continuous Integration tests to cover identified vulnerabilities
Work closely with R&D to enhance application security on all layers

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization.
In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

Required DFIR Expert
Herzliya, Israel, Full Time, hybrid
Our DFIR team is responsible for responding to our clients' cyber incidents and crises.Our group is expanding. If you see yourself in the front line of the cybersecurity domain as a digital forensic and incident response (DFIR) talent, your place is with us. As a DFIR team member, you will participate in hands-on security research and investigations, helping our customers understand and mitigate cyber threats and attacks.
Responsibilities
Perform incident response lifecycle and real-time activities, including detection and analysis, containment and eradication, and recovery
Perform incident response in a cloud environment (Azure, AWS etc.).
Perform digital forensics investigations
Research and analyze tactics, techniques, and procedures (TTPs) used by malicious actors
Perform hunt-evil and find-evil activities for proactively detecting attacks
Work closely with our in-house red team, CTI, and cyber architect teams
Work closely with worldwide companies, CISOs, and technology experts.

We are looking for an experienced Security Architect to lead the design and implementation of advanced security solutions across our infrastructure, products, and cloud environments. In this role, you will work closely with engineering, DevOps, product, and SOC teams to ensure end-to-end protection, threat resilience, and security-by-design architecture.

Your Chain of Impact:

Design and implement scalable, secure architectures across cloud, application, and data environments
Lead security reviews, threat modeling, and risk assessments for new and existing systems.
Collaborate with R&D and DevOps to embed security best practices into development and deployment processes.
Define and maintain security standards, policies, and frameworks (Zero Trust, IAM, network controls, data protection, etc.)
Oversee integration of security controls, monitoring systems, and automated detection capabilities.
Partner with SOC teams to enhance detection, response, and incident management workflows.
Evaluate new security tools and technologies; lead POCs and drive strategic decisions.
Provide security guidance during architecture planning, code reviews, and product design.

We're looking for a Corporate Systems Administrator to own Port's internal IT systems, identity lifecycle, and governance processes as we scale globally and progress toward FedRAMP authorization.

Port is expanding rapidly into enterprise and federal markets, and we're managing an increasingly complex and sensitive SaaS and infrastructure environment. We need a leader who can build scalable processes, strengthen our security and compliance posture, and ensure our internal systems evolve to support fast, high-quality growth.

In this role, you'll partner closely with Security, GRC, Engineering, and Finance to implement best-practice controls, automate lifecycle workflows, and drive operational excellence across the company.



Who you'll work with

You'll report to the Head of IT and work closely with the CIO, Security team, GRC Program Manager, and Engineering/DevOps teams. You'll partner with business system owners across all departments to ensure governance standards are met. You'll also work with Finance on procurement and vendor management.



What you'll do
Own the IT systems & employee lifecycles - manage identity lifecycle, MDM, endpoint security, and SaaS access management across the company.
Implement and maintain GRC-related IT controls, including SSO, encryption, device posture enforcement, and centralized logging.
Collaborate with Security and GRC teams to ensure compliance with access, backup, and configuration standards.
Lead internal IT audits and manage evidence collection efforts for FedRAMP, SOC 2, and other compliance initiatives.
Partner with business system owners to uphold governance best practices and ensure systems align with security and compliance requirements.
Maintain and evolve the SaaS catalog, ensuring continuous review of ownership, access controls, and lifecycle management.
Drive the SSO roadmap, integrating the majority of our SaaS applications into a unified identity platform.
Represent IT in the SaaS procurement process to ensure tools meet governance, security, and integration standards.
Develop and scale IT governance processes, automating workflows such as new system onboarding and access provisioning.
Continuously strengthen our enterprise IT governance and security posture as the company grows.

We're looking for a GRC Program Manager to drive FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.

FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
What you'll do

Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
Build and maintain the compliance evidence repository and continuous monitoring program.
Manage cross-team milestones, track control implementation progress, and identify blockers.
Develop repeatable processes and frameworks to sustain compliance post-authorization.
Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
Lead internal readiness assessments and gap analyses.

we are the world leader in accelerated computing, defining the future of AI and high-performance networking. We are seeking a committed Product Security Processes and Operations Engineer to join us and drive various strategic product security operational activities. This is a critical, hands-on role where you will focus on the execution and delivery of security initiatives across our company Networking.
You will orchestrate vulnerability response, supervise security features implementation, and ensure process consistency, serving as a central coordinator for security execution across engineering teams building the core of the world's largest AI clusters.
What You Will Be Doing:
You will serve as an operational core for security execution, leading security vulnerability response and feature delivery across product teams:
Contribute to the definition and improvement of comprehensive security processes across various engineering teams and subject areas.
Drive end-to-end operational execution of vulnerability workflows, including rapid assessment, triage, tracking, and coordination of mitigation efforts for variety of issues and security incidents.
Ensure engineering teams consistently adhere to established product security procedures, helping teams interpret and apply the policies requirements.
Supervising the execution of new security features through the product development phases, ensuring timely delivery and integration by engineering teams.
Deliver existing product security training modules and maintain operational documentation for security processes to ensure clarity and consistency across development teams.
Support the operational steps required for existing internal and external security compliance and certification initiatives, gathering evidence and tracking required work.

we are looking for a Fraud Analyst.
As a Fraud Analyst, you will be responsible for the core asset of the company - ensuring the ongoing accuracy and superior performance of what is widely recognized as the industry's leading e-commerce fraud decisioning system. You will be empowered and expected to constantly innovate, devising smart logical and technical solutions to address real and evolving business challenges faced by the world's largest and most sophisticated online retailers, who constitute our primary clientele.
In this capacity, your work will also include some direct engagement with these key customers, providing analytical insights and helping to tailor solutions to their specific needs.
This is a role with significant technical aspects, but prior coding knowledge is not required - we believe the right candidates can learn everything they need to do this job well as part of our training process, and while doing the job.
You will join a dynamic department with a deeply ingrained culture of striving for excellence and being the best in our field. We foster an informal, collaborative environment where your contributions are highly valued. This role offers significant growth opportunities, with clear pathways for advancement in both managerial and senior individual contributor (IC) capacities, allowing you to shape your career based on your strengths and aspirations. Your work will directly influence our product, protect our customers, and help define the future of trust in digital commerce.
What you'll be doing:
Invent, design, implement, and refine our systems decisioning logic in production.
Conduct in-depth research into complex fraud patterns and emerging threats.
Leverage extensive datasets to derive actionable insights and enhance decisioning accuracy.
Develop and automate analytical processes to improve efficiency and scale our capabilities.
Collaborate with Data Science, Engineering, and other cross-functional teams to drive platform improvements.

Job Description:
Provide end-to-end guidance for technology projects on application security aspects, from initiation to production, while defining security policies.
Draft security guidelines for development teams to ensure secure coding practices, address vulnerabilities and security gaps in development and production environments and implement technological security solutions in application domains.
Collaborate in designing secure architectures aligned with company policies.
Identify application-level security gaps and define required controls.
Monitor and ensure compliance with cybersecurity risk management directives issued by the regulatory authority, organizational procedures, and security guidelines for various business and technology units.
Support application security assessments, including scope definition, validation of findings, and oversight of remediation efforts to close exposures.
Draft requirement documents for security products and innovative technologies.

We are seeking a highly skilled Principal Security Researcher to join our Threat and Detection Group at the Tel-Aviv R&D center.
This team focuses on PANW Cortex Security and Security Assurance features across various operating systems and platforms, including (but not limited to) Linux, Mac, and Cloud. This is an applied research role with a clear mission: your research directly improves the detection and prevention capabilities of our XDR agent.
The role involves simulating, automating, and developing proof-of-concepts for known threats and offensive tools to evaluate new feature security coverage and detection quality, aligned with the Kill Chain/MITRE ATT&CK Framework and real-world threats. We need an experienced Security Researcher with a deep background in offensive security concepts and a strong interest in Linux, Cloud, and macOS platforms.
You will conduct Linux security evaluations, research innovations to enhance our security solutions, and find innovative yet practical solutions to contemporary problems. You will also develop custom tools and advanced in-house security capabilities to continuously validate our product's defenses.
Your Impact
Work hand-in-hand with the Cortex Agent release team. This role demands applied research synchronized with our delivery schedule, ensuring that every feature release is validated against the latest threats prior to launch.
Drive our threat simulation automation strategy by researching and developing new tools and capabilities that emulate real-world adversary behavior.
Enrich our Security Automation Coverage and infrastructure to protect against known and unknown threats.
Thrive in a fast-paced, high-impact environment, mastering new security features, technologies, and complex platforms (from kernel to Kubernetes) quickly.
Conduct hands-on research to identify real-world Malware, exploits, and novel attack vectors, then create and code PoCs to test our defenses.
Act as a key research partner with engineering teams to push and validate our product capabilities.
Leverage data-driven approaches to identify threats and propose effective mitigations.