לוח משרות דרושים הייטק אבטחת מידע / סייבר

abra is seeking for an Information Security Specialist This role requires monitoring, detecting, and responding to information security incidents across organizational systems (SIEM, EDR, MAIL, WAF, etc.), investigating cyber incidents, managing controls and permissions in AD/Azure AD systems, maintaining and continuously improving organizational security systems, supporting technology projects from an information security perspective, analyzing vulnerabilities, performing risk assessments, and implementing protective solutions. Full-time position, Sunday–Thursday, based in Netanya.

we are looking for a Cloud Security Researcher.
As a Cloud Security Researcher, you will explore and exploit cloud-native attack surfaces, uncovering new vulnerabilities and researching misconfigurations across AWS, Azure, GCP, and container ecosystems. Youll work on offensive cloud security projects that blend creativity, technical depth, and innovation, contributing to cutting-edge tools and methodologies.
Roles and Responsibilities:
Research and develop novel attack techniques targeting cloud environments and infrastructure.
Analyze and exploit vulnerabilities across multi-cloud platforms (AWS, Azure, GCP).
Identify and document security flaws in cloud configurations, networking, and identity systems.
Perform hands-on testing in containerized and Kubernetes-based systems.
Collaborate with engineering and product teams to translate research into security features and best practices.
Develop PoCs, tools, and scripts to automate vulnerability discovery.
Contribute to the wider security research community through responsible disclosure and technical publications.
Stay ahead of emerging cloud threats, security trends, and adversarial TTPs (MITRE ATT&CK, OWASP Cloud-Native Top 10).

We are looking for a hands-on cybersecurity expert to serve as a trusted technical advisor for our customers.
In this role, you will leverage your in-depth knowledge of the cybersecurity landscape, Pentera platform, and security validation principles to lead technical deep-dives, guide remediation strategies, and ensure successful deployment.
Acting as the bridge between the field and R&D, you will combine technical and problem-solving skills with strong communication abilities to drive platform adoption and enhance customer security maturity.
Roles & Responsibilities:
Demonstrate deep technical mastery of the Pentera platform and its integration across customer networks, endpoints, authentication, and security controls.
Lead technical deep-dives with security teams (SOC, IR, Red/Blue) to review findings, explain and analyze attack vectors, and guide remediation based on real-world offensive techniques.
Provide end-to-end support for deployment, configuration, and complex troubleshooting, while advising on security risks, misconfigurations, and validation procedures.
Drive customer success, retention, and platform adoption by providing consistent technical guidance on cybersecurity trends and identifying opportunities for expanded use.
Act as the technical voice of the customer, channeling operational feedback and needs internally to Product, R&D, and Support teams.

We are looking for a versatile and innovative Attack-oriented Cyber Researcher to join our R&D team and become part of the revolution.
You will conduct state-of-the-art research across multiple environments, ranging from Windows internals and kernel-level security to cloud platforms like AWS, Azure, Web technologies, etc' to stay one step ahead of real threat actors.
Your findings, your code and attack tools will feed directly into our automated attack platform, enhancing its capabilities with new offensive techniques and AI-powered decision-making algorithms.
Roles and Responsibilities:
Perform in-depth research in multiple areas such from AV/EDR evasion, binary exploitation, vulnerability discovery, and subversion of communication channels across both OS-level, domains, cloud-native domains, external surfaces.
Integrate research outputs into production-grade attack functionalities within our automation ecosystem.
Architect and develop AI-driven decision-making modules that enable the platform to mimic experienced attackers, making real-time choices during automated operations.
Develop production-ready attack capabilities using whatever technologies are necessary, Python, C/C++, C#, Java, Office Macros, Bash, PowerShell, Go, Ruby, Assembly, etc.
Mentor and collaborate with fellow R&D team members, fostering a culture of innovation and continuous learning.

Were looking for an experienced and highly organized Project Manager - Cybersecurity Operations to join our growing team. In this role, youll manage end-to-end delivery of cybersecurity programs for our clients, ensuring every engagement runs efficiently, aligns with business objectives, and delivers measurable value.
Youll collaborate closely with cross-functional teams including engineering, research, product, and customer excellence to ensure projects meet deadlines, maintain quality, and exceed expectations. This is an opportunity to lead high-impact cybersecurity initiatives in a global, fast-paced environment.
Roles and Responsibilities:
Manage multiple cybersecurity projects simultaneously, from planning through execution and delivery.
Coordinate and communicate across technical and non-technical teams to ensure project alignment and success.
Translate client needs into actionable project plans, defining clear scope, milestones, and deliverables.
Monitor and report project performance using KPIs, dashboards, and structured communication frameworks.
Proactively identify risks, dependencies, and bottlenecks, and implement mitigation strategies.
Maintain strong client relationships through transparency, responsiveness, and strategic alignment.
Standardize delivery processes, templates, and reporting to ensure consistency and scalability.
Coordinate internal project allocation and workload balancing across teams to ensure resources are distributed efficiently, prevent overload, and maintain smooth operations.

Were looking for an experienced GRC Manager to join our team in Israel. Were seeking someone with solid, hands-on experience who can take ownership and lead both technically and operationally.
You will lead the certification and accreditation processes , managing all current compliance frameworks and certifications. This includes both preparation activities and direct engagement with external auditors, from readiness and gap analysis through to achieving final reports or certificates.
Roles and Responsibilities:
Lead internal and external audit and certification cycles, ensuring readiness and successful completion of assessments.
Maintain and continuously improve internal control framework, ensuring that security and compliance controls are effective, documented, and aligned across ISO 27001, SOC 2, and privacy requirements.
Develop, maintain, and enhance security and compliance documentation, including policies, procedures, and evidence repositories.
Manage the ongoing risk management process by maintaining a centralized risk register and ensuring alignment between business objectives, regulatory obligations, and security controls.
Conduct internal audits and risk assessments to evaluate the effectiveness of technical and organizational controls.
Manage the cybersecurity onboarding and ongoing risk assessments of third-party vendors, while cooperating with Legal to ensure alignment with privacy compliance requirements.
Manage relationships with external auditors and consultants, ensuring timely completion of certification milestones.
Partner with cross-functional teams to strengthen the companys overall GRC posture and support continuous improvement initiatives.

Cybersecurity system architect We are a global leader in high-scale, disaggregated networking solutions, redefining how the worlds largest service providers and hyperscalers build their infrastructure.
As a Cybersecurity system architect, you will join our core R&D Architecture group to define the end-to-end security fabric of our platforms. You will lead the integration of deep security intelligence into high-performance, telecom-grade network operating systems.

Responsibilities:
Define Security Architecture: Lead the design of L3-L7 firewalling, stateful inspection, and application-aware filtering.
Threat Detection Frameworks: Architect scalable engines for DPI (Deep Packet Inspection), signature/anomaly detection, and ML-based threat mitigation.
system Integration: Conduct system -level threat modeling and define secure communication paths across platform and protocol layers.
Performance Optimization: Align security enforcement with hardware-assisted offload strategies to ensure line-rate performance with minimal latency.
Collaboration: Work closely with R&D teams to embed behavioral analytics and evasion-resilient detection into the product's core.

We are looking for an Application Security Engineer to join our Security Engineering team.

What you will be doing:

As an Application Security Engineer , you will play a critical role in ensuring our software applications are secure by design and resilient against evolving threats. You will collaborate closely with development, DevOps, and product teams to embed security throughout the SSDLC and drive secure coding practices.

Conduct security assessments, penetration tests, and code reviews across web, mobile, and cloud applications.

Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using platforms like Azure DevOps, GitHub Actions.

Design and enforce secure coding standards and SSDLC policies.

Collaborate with developers to remediate vulnerabilities and provide inline guidance during PR reviews.

Lead threat modeling and architecture reviews for new features and services.

Manage secrets, access controls, and data confidentiality assurance across applications.

Monitor public exposure of cloud resources and enforce Azure policies to prevent misconfigurations.

Participate in incident response and forensic analysis for application-related security events.

Deliver security awareness training and documentation for engineering teams.

Maintain up-to-date knowledge of OWASP Top 10, secure coding techniques, and emerging threats.

We are looking for an experienced Security Engineer to join our security operations team with a strong focus on detection and response.

This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.



What You Will Do:

Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.

Build and maintain an effective and scalable security monitoring infrastructure solution.

Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.

Triage alerts and drive security incidents to closure while reducing their potential impact .

Build processes and workflows to triage security alerts and respond to real incidents.

Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.

Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.

Contribute to strategy, risk management, and prioritization for all efforts around detection and response.

Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.

Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.

we are looking for an experienced, hands-on Chief Information Security Officer to build and lead our security strategy from the ground up. As a fast-growing mature privately held startup, we need a security leader who can balance strategic vision with roll-up-your-sleeves execution. This role is ideal for someone who thrives in dynamic environments and excels at owning and driving Information Security end to end. The CISO will report to the companys COO.
Key Responsibilities 
Oversee our companys end-to-end information security program, ensuring the protection of data, systems, applications, and employees.
Build, lead, and scale a high-performing security team of 5+ professionals.
Develop and implement a comprehensive security strategy aligned with business goals, industry best practices, and regulatory requirements.
Define and monitor company wide security policies, standards, governance frameworks, and technical controls (e.g., firewalls, IDS/IPS, endpoint security).
Lead Governance, Risk, and Compliance (GRC), including risk assessments, vulnerability management, incident response, and maintenance of the organizational risk register.
Drive proactive security monitoring and threat management, including insider threats, phishing, social engineering, credential theft, and emerging risks.
Conduct regular security assessments and partner with business units to identify, prioritize, and remediate vulnerabilities.
Ensure readiness for internal and external audits; manage the audit process with agencies, auditors, customers, and stakeholders.
Select, implement, and manage security technologies, tools, vendors, and processes supporting the organizations security objectives.
Closely collaborate with the IT team, who will be responsible for executing the security policies.
Collaborate with DevOps and engineering teams to strengthen security posture and embed secure-SDLC practices.
Provide executive-level communication and reporting to leadership and the board regarding cybersecurity risks, investments, and priorities.
Develop and deliver organization-wide security awareness and training programs.
Manage the security budget and resources efficiently.

This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.

As part of System Architecture group, the Cybersecurity System Architect will define the end-to-end architecture of advanced network security services, such as intrusion prevention systems (IPS), and host-based intrusion detection systems (HIDS) and firewalling. This role is at the forefront of integrating deep security intelligence into high-performance, scalable network operating systems and telecom-grade platforms.
As part of R&D core function, shaping next-generation secure network infrastructure by embedding deep packet inspection, behavioral analytics, and threat mitigation into the product architecture.
Responsibilities
1. Architecture of Integrated Security Services
Define and lead the system architecture for L3-L7 firewalling, stateful inspection, policy enforcement, and application-aware filtering.
Architect integration of IPS, DPI, signature- and anomaly-based detection, and evasion-resilient detection engines into control and data plane systems.
Specify how HIDS capabilities will be embedded or interfaced with NOS components for detecting host-based anomalies and compromise indicators.
2. Threat Detection & Prevention Frameworks
Design scalable architectures that support high-speed signature matching, traffic heuristics, and flow analysis under real-world traffic conditions.
Define mechanisms for rule updates, threat intelligence feeds, and integration of ML-based detection algorithms.
Architect policy engines for complex rule matching, including user-defined policy trees and hierarchical control structures.
3. Secure System Integration
Lead system-level threat modeling and security design reviews across platform, OS, and networking protocol layers.
Define secure communication paths, trust boundaries, and cryptographic protections for sensitive metadata, logs, and update mechanisms.
Ensure proper isolation and sandboxing of inspection/control modules, especially in multi-tenant or containerized environments.
4. Performance and Resilience Considerations
Design architectures to meet line-rate security enforcement, ensuring minimal latency overhead while preserving packet integrity.
Align with the HW Architecture for performance optimized flow offload strategies (e.g. hardware-assisted DPI).

Were seeking passionate professionals who thrive in a fast-paced, creative, and collaborative environment - those who want to be part of the next generation of airspace security innovation.

The Position: We are seeking a highly motivated and technically proficient Senior Security Researcher to join our security research division. This role is dedicated to performing advanced offensive security assessments against the biggest companies in the world You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems What you’ll do:
* Engage in sophisticated Red Team projects, including the identification of undisclosed API endpoints and development of novel bypass techniques for established security controls
* Lead and execute comprehensive, technically rigorous security research targeting complex web and mobile applications including reverse engineering and proprietary protocols investigation


About ActiveFence:
Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.



Hybrid:
Yes