דרושים » תוכנה » Penetration Testing & Cyber Assessments Project Manager

abra North is seeking an experienced and highly skilled Information Security Consultant (GRC) and Privacy Specialist with proven expertise in governance, risk management, compliance, and data protection.?? Central region |?? Full-time |?? Hybrid Work Model Key Responsibilities Lead certification and compliance programs for international standards such as ISO 27001, ISO 27799, and ISO 27017
* Provide guidance on privacy and regulatory requirements, including GDPR and the Israeli Protection of Privacy Law (with emphasis on Amendment 13).
* Deliver CISO?as?a?Service, including building and managing security programs, driving risk management activities, and presenting status and recommendations to executive leadership and boards.
* Conduct Cyber/IT Risk Assessments, perform Gap Analyses, and develop actionable remediation plans.
* Develop methodological frameworks, including security policies, procedures, and annual work plans aligned with industry best practices.
* Provide high?level advisory support to align technical security solutions (EDR, DLP, Cloud Security, IAM, etc.) with regulatory and organizational requirements.
* Deliver cybersecurity and privacy awareness training for employees and management.

Were looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

we are looking for a Junior Cyber Security Specialist with a deep interest and basic knowledge of both information security and computer science.we ate a cybersecurity firm specializing in advanced adversary simulation and offensive security testing. We deliver Red Team assessments for Fortune 500 companies, simulating sophisticated, real-world attacks across external, internal, cloud and Active Directory environments. Our services span both stealth-based Red Team operations and risk-focused assessments, covering a wide range of attack surfaces including on-premise and cloud environments.
Responsibilities:
Participate in Red Team and Risk assessments under the guidance of senior team members
Assist in documenting findings, writing technical reports, and contributing to final deliverables for clients
Learn and simulate attacker tactics, techniques, and procedures (TTPs)
Support Risk Assessments, where the objective is to identify vulnerabilities, especially in Active Directory, without the requirement for stealth. These engagements provide deep insight into systemic weaknesses and offer high exposure to internal infrastructure.
Contribute to external assessments, such as, perimeter testing, and reconnaissance
Participate in internal, hands-on training program, which covers red team TTPs, tool usage, internal methodologies, and real-world scenarios

Alice is seeking an experienced Malware Research Director to build and manage multiple teams dedicated to malware research. This role presents an exciting opportunity to establish a new operation from the ground up, creating processes, optimizing and setting up cross-team collaboration while serving as the primary client interface. The position is primarily leadership, client-facing, creating solutions and requiring exceptional team-building and operational setup skills. The ideal candidate demonstrates high technical skills, proven experience in building teams from scratch, establishing new operations, and strong client relationship management capabilities. Key Responsibilities:
* Establish operational processes, workflows, and quality standards for the new teams
* Coordinate with other departments to integrate the new operation into the existing infrastructure
* Serve as primary client interface, managing relationships and ensuring client satisfaction
* Present research findings and malicious evidence to clients and stakeholders
* Advise on technical aspects for malware research challenges and automated solutions
* Create training programs and onboarding processes for new team members
* Develop performance metrics and evaluation frameworks for team effectiveness
* Lead client meetings, requirement discussions, and project planning sessions
* Collaborate with sales and business development teams on client engagements

About Alice:
Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.



Hybrid:
No

Were looking for an experienced GRC Manager to join our team in Israel. Were seeking someone with solid, hands-on experience who can take ownership and lead both technically and operationally.
You will lead the certification and accreditation processes , managing all current compliance frameworks and certifications. This includes both preparation activities and direct engagement with external auditors, from readiness and gap analysis through to achieving final reports or certificates.
Roles and Responsibilities:
Lead internal and external audit and certification cycles, ensuring readiness and successful completion of assessments.
Maintain and continuously improve internal control framework, ensuring that security and compliance controls are effective, documented, and aligned across ISO 27001, SOC 2, and privacy requirements.
Develop, maintain, and enhance security and compliance documentation, including policies, procedures, and evidence repositories.
Manage the ongoing risk management process by maintaining a centralized risk register and ensuring alignment between business objectives, regulatory obligations, and security controls.
Conduct internal audits and risk assessments to evaluate the effectiveness of technical and organizational controls.
Manage the cybersecurity onboarding and ongoing risk assessments of third-party vendors, while cooperating with Legal to ensure alignment with privacy compliance requirements.
Manage relationships with external auditors and consultants, ensuring timely completion of certification milestones.
Partner with cross-functional teams to strengthen the companys overall GRC posture and support continuous improvement initiatives.

looking for an Incident Response Team Leader to lead investigations and response activities in support of organizations worldwide.

Cyber threats are constantly growing in volume, velocity and sophistication. When an organization is confronted with an advanced attack, it needs the strongest capabilities on its side. In many cases, an incident response engagement is in fact a battle within a network. The operational art, experience, focus, and speed of response teams can mean the difference between a minor blow, and a devastating impact on an organizations performance and reputation.

The Incident Response Team Leader will be key to the success of Incident Response projects worldwide, and should possess strong leadership skills, be highly technical and thrive in a fast-paced and dynamic environment.

Main Responsibilities

Lead a team of top-tier cyber security researchers and forensic experts conducting assessments and in-depth analysis in complex investigations, as well as security assessments.

Guide and empower team members, enhancing their technical and research skills.

Lead client-facing projects including incident response and hunting efforts for large-scale sophisticated attacks, to contain and defeat real-world cyber threats.

Collaborate and work with clients IT and Security teams during investigations.

Design and improve internal incident response technologies, methodologies, and processes.

This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization. In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.

A day in the life and how youll make an impact:

Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

We are looking for a talented, tech-savvy individual to join our Cyber Security team and help us tackle the toughest security challenges in cutting-edge ecosystem.
In this role, you will be a subject matter expert and play a major part in our efforts to build and maintain security infrastructure, design secure architectures, enforce security best practices, and automate security processes.
The Cyber Security team is composed of strong and experienced security engineers, responsible for defining the security strategy and managing all of infrastructure.
Responsibilities:
Define, implement, and maintain security policies, standards, and methodologies; ensure they evolve with new threats and technologies.
Design, deploy, and operate detection, prevention, and response technologies across a scaled, diverse, and complex environment (hybrid infrastructure: public cloud + on-premises).
Build and operate secure infrastructure: hands-on ownership of security configurations and system hardening.
Conduct security assessments, secure-design reviews and architecture assurance reviews to identify and mitigate possible security risks.
Automate security processes: configuration deployments, infrastructure management, detection, response, compliance checks, patching, configuration drift, etc.
Design, develop, and implement secure software development and deployment pipelines, incorporating best practices, automation, and CI/CD methodologies.
Stay ahead of emerging cyber threats and technologies: research, evaluate, pilot, and integrate where relevant.
Participate in creating incident response playbooks, coordinate incidents investigations, root cause analysis, and lessons learned.