דרושים » אבטחת מידע וסייבר » Director Of Product Security

We are looking for a talented Application Security and Secure Software Development Lifecycle (Secure-SDLC) Expert to lead our elite security researchers team. As an Application Security Leader, you will take an active role in leading various services including penetration testing and security development lifecycle activities that will help evaluate our customers security level and improve it. A typical job could be breaking into a segmented secure system at a Fortune 500 organization or perform a threat modeling process for a critical enterprise system.
Responsibilities:
Ensure customers security by hands-on penetration testing, hypothesizing threats, helping development teams remediate risks upfront, and executing secure implementation efforts
Escort, evaluate and improve the application security development lifecycle of our customers, including Secure-SDLC gap analysis, threat modeling and other related activities
Improve secure coding and Secure-SDLC practices, application security requirements, automation, training, and metrics
Lead the internal Secure-SDLC process of the R&D department in
Identify, communicate, and drive the resolution of vulnerabilities as an application security domain expert
Research and advocate for new application security solutions and technologies
Continue to drive security evaluation earlier in the cycles through iterative security testing

Required Cloud Security Research Team Leader
Responsibilities
Team Leadership
Lead and mentor a team of top notch cloud security researchers.
Foster a culture of innovation, collaboration, and excellence within the team.
Provide technical guidance and support to team members.
Research and Development
Conduct advanced research in cloud security, focusing on emerging threats, vulnerabilities, and mitigation strategies.
Analyze logs and behavior of user activities on Cloud Environments & SaaS Applications
Hunt threat actors & insider threats
Optimizing existing algorithms to reduce false positives and increase the value of our products
Lead the publications of cyber security oriented blogs and articles
Drive the development of new security technologies and methodologies for cloud environments.
Stay updated with industry trends and advancements in cloud security.
Collaboration:
Collaborate with product management, engineering, and other stakeholders to implement your team latest research
Work closely with development teams to integrate security features into our product
Communicate research findings and recommendations effectively
Security Strategy:
Contribute to the development and implementation of cloud security strategies and policies
Assess and mitigate risks associated with cloud deployments and operations.
Ensure compliance with industry standards and regulations related to cloud security.

We are seeking a talented, tech-savvy individual to join our Cyber Security team and address the most challenging security issues within cutting-edge ecosystem. In this role, you will serve as a subject matter expert, playing a crucial part in building and maintaining security infrastructure, designing secure architectures, enforcing security best practices, and automating security processes.
Our Cyber Security team comprises experienced security engineers responsible for defining the security strategy and managing all of infrastructure.
Responsibilities:
Design, deploy, and operate technologies to detect, prevent, and analyze security threats in a diverse and complex environment, encompassing both public cloud and on-premises systems.
Conduct hands-on activities to maintain and operate security infrastructure.
Automate security processes to enhance and support security posture.
Design, develop, and implement secure software development and deployment pipelines, incorporating best practices, automation, and CI/CD security methodologies.
Develop, implement, and maintain security policies, standards, and methodologies.
Identify and evaluate new cybersecurity technologies.

We are looking for a Red Team Expert with a deep understanding of both information security and computer science. The right person will have to learn advanced concepts such as application manipulation, exploit development, and stealthy operations. This is not a press the button type of job! This career is technical and challenging with opportunities to work in some of the most exciting areas of security on extremely technical and challenging work. A typical job could be breaking into a segmented secure zone at a Fortune 500 organization, reverse engineering an application and both developing and exploiting the most recent vulnerabilities, all without being detected.
Responsibilities:
Global organization red-team assessments and security posture
Co-ordinate and execute systems and network level advanced red team exercises for different environments
Design and develop scripts, frameworks and tools required for facilitating and executing complex undetected attacks
Configure and troubleshoot security infrastructure devices
Develop technical solutions and new security capabilities to help mitigate security vulnerabilities and automate repeatable tasks
Write or assist with comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement

We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.

The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.


RESPONSIBILITIES

Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support security and privacy obligations.
Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
Manage customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.

We're seeking an experienced CISO for a part-time, flexible consulting role to guide our security strategy and ensure best practices across development and infrastructure teams. This role also plays a key part in supporting our compliance initiatives.
Key Responsibilities:
Oversee and maintain security policies and processes
Advise application development teams on secure coding and architecture
Support infrastructure teams with secure configuration and best practices
Lead involvement in key compliance activities.

We are seeking a highly skilled and experienced Security GRC (Governance, Risk, and Compliance) Specialist to join our team. The ideal candidate will report to the GRC manager, have a strong background in security governance, risk management, and compliance, with a proven track record of successfully implementing GRC programs.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Respond to customer due diligence requests, assist with contract agreements, and participate in customer calls to address GRC-related inquiries.
Conduct risk assessments and identify potential security threats and vulnerabilities.
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Design and maintain security awareness program (e.g., conduct phishing simulations, generate newsletters, administer training platform)
Monitor and report on the effectiveness of GRC programs and controls.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.
Perform technical risk assessments.

Are you looking for a challenge that puts you at the center of the worldwide Platform? Are you passionate about finding security breaches and vulnerabilities? Do you have Offensive mindset? 
Azure Networking is one of the core organizations that build Azure, the worlds largest network, leading digital transformation, empowering, and connecting enterprises and individuals around the world. The team in Israel is specializing in Network security, developing services that protect the Azure platform, the users and apps running on top of it.
we are a world leader in security and is obsessed with making sure that our platform and services are secure, and we can protect our customers and their workloads. We are expanding security research team. The team will focus on making sure our services are built with a security-first mindset by proactively looking for breaches and vulnerabilities in the across Azure architecture and services, to make sure Azure is safe, secure, and reliable.
our companys mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Be a subject matter expert, leveraging a broad and current understanding of security to devise new protections and exploit mitigations.
Identify security vulnerabilities and gaps in a wide variety of key services across Azure services, network protocols and architecture.
Collaborate with other security and product teams to improve security, and articulate the business value of security investments for designing and developing new security mitigations and defenses.
Drive security root cause analysis, identifying key gaps and being able to drive effective mitigations while understanding the engineering constraints.
Interaction with the security ecosystem and leadership in and outside of our company.

Position Overview:
our MDR team is at the forefront of worldwide data detection and response services. We lead and redefine how data should be monitored, and protected and how data breach incidents should be handled. Its a 24/7 global security service assisting customers to investigate and respond to security incidents.
A Senior (Level 3) Security Analyst within our MDR team is expected to serve as their teams technical lead and a key escalation point for complex security incidents.
In your role, you will lead complex investigations, working directly with customers by assisting them in investigating and responding to security incidents.
As a senior staff in your team, you are expected to mentor junior analysts, and drive continuous improvement of our detection and response capabilities. You will collaborate with internal and external stakeholders, and ensure best practices are followed across monitoring, detection, and incident response processes. This position requires a strong foundation in cybersecurity operations, a deep understanding of SIEM technologies and log sources, as well as the ability to train and document processes for others.
Responsibilities:
Incident Escalations & Investigations
Serve as an escalation point for security alerts and incidents, ensuring timely and thorough investigations.
Perform end-to-end incident handling, including scoping, containment, and eradication activities.
Coordinate and communicate with customers, leadership, and other stakeholders throughout the incident response lifecycle.
Understand, interpret, and analyze a diverse range of log sources (Exchange Online, Entra, Active Directory, Windows events, Azure, DNS, VPN, etc.).
Proactively identify potential threats and anomalies, recommending and implementing improvements in detection logic.
Training & Mentorship:
Assist in training and upskilling junior and mid-level analysts, including sharing best practices in investigations, threat hunting, and emerging threats.
Provide guidance in troubleshooting escalated issues, ensuring efficient knowledge transfer and professional growth within the team.
Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
Provide feedback on gaps or improvements needed in processes, documentation, or technology.
Work closely with Team Leads and other senior staff to align on operational goals, SLA adherence, and service delivery standards.
Communicate findings, root causes, and recommended actions to both technical and non-technical stakeholders clearly and effectively.
Share insights and best practices with the broader team, championing a culture of continuous learning.