דרושים » אבטחת מידע וסייבר » Application Security Researcher

driving and leading the next generation networks with our solution. Founded to solve the data explosion challenge, our cutting-edge technology and solution have created a paradigm shift in the economy of networks. Through smart and high-performance bit processing on merchant silicon and commodity hardware, we enable new revenue opportunities and sustainable growth for our customers, even as Internet usage explodes. Our system is a cornerstone of this mission, and we are looking for a talented developer to take it to the next level.

About the Role
We are looking for a hands-on and experienced Application Security Team Leader to drive our product and infrastructure security strategy and execution.
You will lead a team responsible for integrating security into our development workflows, managing vulnerabilities, and securing our use of open source and third-party components. This role requires both strong technical skills and the ability to lead and collaborate across multiple engineering functions.

Key Responsibilities
Team Leadership & Strategy
Build and lead the Application Security team, setting goals and ensuring successful delivery of security initiatives.
Define and drive the application security roadmap in collaboration with R&D, DevOps, and Product.
CI/CD Security Tool Integration
Oversee integration and maintenance of SAST, SCA, and DAST tools in CI/CD pipelines.
Ensure security checks are automated and embedded early in the development lifecycle.
Open Source & Package Mapping
Guide the team in mapping and maintaining an inventory of open source and third-party components across the product.
Identify critical dependencies and oversee continuous monitoring and hardening efforts.
Vulnerability Detection, Tracking & Reporting
Lead monitoring for CVEs affecting the OS, kernel, standard packages, and containers.
Ensure vulnerabilities are documented, tracked, and addressed through coordinated patching and remediation.
Communicate risks and progress to stakeholders via clear, actionable reports.
Risk Mitigation & Component Hygiene
Oversee efforts to identify and replace outdated or redundant software components.
Ensure timely updates of third-party packages to mitigate known vulnerabilities.
Promote secure software component usage and lifecycle management across teams.

we are looking for an experienced Application Security Architect to join our Cybersecurity team. In this role, you will be instrumental in building and advancing our companys application security programs. Working closely with talented engineers, product managers, and platform teams, youll play a key role in ensuring the security of our software development lifecycle (SDLC).
Youll provide security services including secure coding practices, architecture reviews, awareness and training initiatives, and tool implementation. From threat modeling to secure development education, your contributions will directly impact the safety and resilience of our companys products.
What am I going to do?
Lead Secure SDLC Initiatives: Drive security throughout the software development lifecycle (S-SDLC), including threat modeling, risk assessments, and mitigation planning for new and existing applications.
Embed Secure Design Practices: Guide development teams on implementing secure architectural patterns, design principles, and coding standards, with emphasis on OWASP and industry best practices.
Security Tooling Strategy: Define and manage the integration of Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools into our companys CI/CD pipelines, ensuring scalable, platform-agnostic coverage and effective vulnerability management.
Security Testing & Remediation: Perform and oversee application security testing, ensuring timely remediation of identified vulnerabilities.
Develop Security Standards: Create and maintain secure coding standards, best practices, and development guidance tailored to our companys tech stacks.
Code Reviews: Conduct in-depth manual and automated security code reviews for critical components, offering practical and constructive feedback to engineering teams.
API & Mobile App Security: Design and assess security for APIs and mobile applications, ensuring robust authentication, authorization, and data protection in line with industry standards.
Third-Party Risk Management: Evaluate the security posture of third-party libraries, components, and services integrated into our company's applications.
Cloud Security Collaboration: Partner with Cloud Security Architects to ensure secure application deployment in cloud environments (e.g., AWS, GCP), offering expert advice on cloud-native security practices.
Team Enablement & Education: Mentor development teams on emerging threats, secure coding techniques, and security-first development approaches.
Bug Bounty Program Leadership: Manage and evolve our companys bug bounty program, working with researchers and internal teams to resolve findings efficiently.

As a Security Researcher, you will be responsible for conduct in-depth research and analysis of new threats and vulnerabilities in the blockchain space and develop tools and systems to detect and mitigate security risks in real-time. Youll work closely with our engineering and product teams to develop security strategies, detect and mitigate exploits, and enhance our on-chain security platform. While prior Web3 experience is an advantage, we welcome applicants with a solid security research background looking to break into blockchain security.

Key Responsibilities:
Conduct in-depth security research on blockchain protocols, smart contracts, and decentralized applications.
Identify and analyze security vulnerabilities, exploits, and attack vectors in Web3 protocols.
Collaborate with the engineering team to integrate detection capabilities into our on-chain exploit detection system.
Create proof-of-concept (PoC) exploits and simulations to help test and validate threat scenarios.
Stay current with emerging threats, new technologies, and industry best practices in information security.

seeking an experienced Cyber Threat Researcher to join our cyber research team. This role involves in-depth research into SaaS application security, identifying misconfigurations, and providing insights that help secure our customers SaaS environments. Youll work closely with product, marketing, and R&D teams to ensure your research contributes to developing cutting-edge security features and customer value.

Key Responsibilities
Conduct Security Research: Conduct in-depth research into security risks and misconfigurations associated with SaaS applications, identifying trends and opportunities to enhance product capabilities.
API Analysis: Review SaaS application APIs to assess security functionalities, and determine how to leverage them for enhanced protection.
Cyber Threat Intelligence: Analyze emerging cyber threats and breaches to understand attack vectors, risks, and trends, applying this knowledge to enhance the security posture of our product and customers.
Collaborate Across Teams: Partner with product, R&D, and marketing teams to translate research findings into valuable product features and contribute to security-focused publications and thought leadership.

a Threat Researcher to join its Threat Intelligence Analysis (TIA) team. The team is responsible of discovering, analyzing and tracking advanced threat actors and campaigns, with a strong focus on high-end cybercrime and state-sponsored activities. You will join a team of motivated, independent & highly technical individuals and contribute the effort to protect customers and empower the brand.



Key Responsibilities
Identify, understand and monitor advanced campaigns using publicly available sources as well as internal telemetry.
Analyze malware and other hacking tools utilized by threat actors in active campaigns and intrusions.
Create technical research content for public and private intelligence reports.
Help build protections and detections based on deep understanding of advanced threat actors Tactics Techniques and Procedures (TTPs).
Collaborate with other security teams to assist threat intelligence and research tasks.

We are looking for a Cloud Threat Detections Engineer.
As a Cloud Detection Engineer, you'll be at the forefront of protecting organizations against sophisticated cloud threats, working with some of the industry's most advanced security technologies and enterprise-scale cloud environments. You'll have the unique opportunity to translate real-world adversary intelligence into innovative detection capabilities that protect many of the world's leading organizations across every major industry.
What You'll Do:
Research and develop detection content for cloud-native attacks, including identity-based threats, data exfiltration, privilege escalation, cloud-native tactics.
Create correlation logic and between runtime events and control plane activities.
Design and implement detection logic across multi-cloud and hybrid environments.
Collaborate with Threat Intelligence, OverWatch, and Incident Response teams to develop detections based on real adversary activities.
Partner with Product and Engineering teams to enhance detection capabilities.

Were looking for a highly technical and creative Security Researcher to join our research group. This role is central to navigating complex security landscapes, advancing our CNAPP offerings, crafting sophisticated algorithms, and pioneering cloud security research. Working alongside a diverse team, youll explore the cutting edge of cloud and AI-driven security, uncovering critical vulnerabilities, developing novel detection techniques, and driving impactful research publications. Join us in shaping the future of cloud security, where your work not only advances our technology but also deeply resonates with our commitment to exceeding customer expectations, streamlining for simplicity, and tackling challenges with creative solutions.
Responsibilities :
Collaborate with teams across the organization, including Product, Frontend, DevOps, and GTM, to develop and integrate top-tier features.
Conduct deep technical research into cloud-native environments.
Lead initiatives from their inception through to deployment, emphasizing backend system efficiency, scalability, and reliability.
Innovate in Defense Evasion, amplifying the capabilities of our agents and engines.
Forge new paths in cloud security research and cyber security algorithm development.
Deep dive into threat detection and product content that provide deep insights and added value to our customers.

We are looking for a researcher to help us harness the power of trillions of security signals to rapidly diagnose and alert the latest attacker behaviors, drive critical context-rich signals, construct new tools and automations to support customers, identify threats, and detect advanced attacker techniques.
Responsibilities:
Analyze various network devices, configurations and security products
Implement methods and algorithms to discover network topology, relationships between devices and potential lateral movement paths
Conduct network security assessments to identify weaknesses in customers network infrastructure, and recommend mitigations to monitor and limit unauthorized access
Develop research tools and frameworks to perform automatic analysis of network devices and security products
Research and analyze network-related cybersecurity threats and trends
Work closely with other internal engineering and AI teams to integrate new capabilities into our platform and guide cross-product architectural decisions
Act as a security subject matter expert for multidisciplinary teams

We are looking for a skilled and motivated security researcher to join our core Cyber-AI research team and help us harness the power of AI models and capabilities to solve challenges in the security domain.This role involves hands-on and multidisciplinary work, involving both cyber expertise and AI, driving novel research around LLM capabilities, limitations and developing workflow automation solutions.
Responsibilities:
Research methods & initiatives to integrate AI into cybersecurity workflows and create prototypes to prove your ideas
Apply deep Cyber domain understanding of offensive & defensive techniques to guide AI efforts and act as security expert for multidisciplinary teams
Design & create AI agents tuned for specific cybersecurity tasks, including surrounding framework and automation tools, working closely with Data Science team
Create unique training methods to keep Cyber models relevance over time
Create evaluation methods for models performance, coverage and accuracy
Stay updated with the latest advancements in AI and cybersecurity, experiment with open-source projects & tools

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security frameworks such as SALSA. This position reports directly to an R&D VP.

Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.