דרושים » אבטחת מידע וסייבר » GRC Operations Specialist

Were looking for a highly skilled Technical GRC Expert with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate Zenitys detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep Zenity secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as Zenity grows.
Responsibilities:
Own and mature Zenitys Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Zenitys Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

We are looking for an experienced Security Engineer to join our security operations team with a strong focus on detection and response.
This is a unique opportunity to leverage your threat detection and response experience and build some of the foundational systems and services to keep our infrastructure free from malicious actors and threats. You will partner closely with all engineering teams, IT administrators, and compliance analysts to ensure that we maintain sufficient visibility into our environments and develop effective programs and practices to ensure that our environments are always secure. Tooling and automation will be key to success as we scale our environments to meet customer demand.
What You Will Do:
Collaborate with different teams for building and setting up pipelines needed to gather relevant security telemetry.
Build and maintain an effective and scalable security monitoring infrastructure solution.
Develop detection strategies to identify anomalous activity and ensure that our critical infrastructure and services operate in a safe environment.
Triage alerts and drive security incidents to closure while reducing their potential impact to Semperis.
Build processes and workflows to triage security alerts and respond to real incidents.
Research new threat attack vectors and ensure that our detection and response capability is in line with the current threat landscape.
Proactively improve the quality of our detection rules and strive to eliminate classes of issues by working directly with engineering teams.
Contribute to strategy, risk management, and prioritization for all efforts around detection and response.
Collaborate with the compliance team to maintain and audit security controls and processes, ensure compliance with relevant security frameworks and certifications.
Pragmatic implementing business-focused controls to safeguard the companys multi-cloud entities.

seeking a senior, hands-on CISO & Head of IT to act as "one-man-show" authority for IT operations and information security. This role owns IT and Information Security e2e for core business functions:
setting direction, making structural and vendor decisions, and defining what "good" looks like, while also answering questions in real time, exercising sound judgment, and taking ownership when issues arise.
This is a highly visible leadership role focused on judgment, ownership, and practical execution.

Key Responsibilities

Information Security & Risk

Build and maintain a pragmatic information security and IT risk management program aligned with business priorities.
Lead security risk assessments and drive remediation in partnership with engineering, IT, and business teams.
Define and maintain security policies, standards, and secure-by-design practices in collaboration with our Product House organization.
Promote security awareness and accountability across the company, including ownership of employee security training programs.
IT Ownership

Own internal IT environment, including identity and access management (e.g., Okta), Google Workspace, endpoints, and core SaaS tools.
Ensure smooth employee onboarding and offboarding.
Act as a point of escalation for IT issues and access problems, including hands-on work.
Manage external IT service providers and helpdesk vendors, including SLAs and escalation.
Security Operations

Own the overall effectiveness of security monitoring, detection, and response.
Design and maintain preventive controls, processes, and readiness measures to reduce the likelihood and impact of data security incidents.
Ensure vulnerabilities, findings, and incidents are identified, prioritized, and addressed.
Lead preparation for security incidents, including incident response planning, tabletop exercises, and coordination with Legal, Product House, and external partners.
Stay current on emerging threats and translate them into practical, risk-based improvements for the business.
Audits, Customers & Vendors

Lead security audits and certifications (e.g., SOC 2, ISO 27001) and serve as the primary contact for auditors.
Personally own customer security questionnaires and security discussions.
Partner closely with Legal on privacy, regulatory, and contractual security matters.
Oversee the IT and security budget and manage relevant vendors and advisors.

We are seeking an experienced SOC Manager to lead our Security Operations Center (SOC), with full responsibility for detection, response, and operational excellence. This role combines hands-on technical leadership with people management, process ownership, and alignment to business risk.
The SOC Manager will be accountable for the effectiveness, maturity, and scalability of security operations across the organization.
What you will do?
Oversee day-to-day SOC operations, ensuring timely threat detection, incident response, and threat mitigation. Own day-to-day SOC operations, ensuring effective threat detection, incident response, and containment across all environments.
Develop and implement SOC policies, processes, and playbooks to improve security effectiveness.
Continuously evaluate and enhance SIEM configurations, alerting mechanisms, and automation. Continuously optimize SIEM content, alert quality, detection coverage, and automation capabilities.
Team Management & Training- Recruit, mentor, and manage a team of SOC analysts and incident responders.
Lead incident investigation, containment, and remediation efforts, coordinating with internal teams and external partners.
Align security operations with MITRE ATT&CK, NIST, and other cybersecurity frameworks.
Produce clear, executive-level incident reporting and risk summaries for security leadership and stakeholders.
Stay updated on emerging threats, attack techniques, and security technologies to drive continuous improvements.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization. In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.

A day in the life and how youll make an impact:

Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

Systems Development Engineering (SDE) at our company is a role where you manage services and systems at scale. SDEs creatively put their engineering discipline to use automating the mundane and reducing toil. We dont just write code to fix bugs, but emphasize the development of tools and solutions that fix classes of problems. We know its hard to control what you cant measure - so we focus on observability: instrumenting first, then turning data into knowledge, and finally knowledge into action. We know that the operational efficiency of our company systems, services, virtual compute environments and the operating systems that power them impact the environment, not just the bottom line. We know that working together we can do more, and that community matters.
our company brings together people with a wide variety of backgrounds, experiences and perspectives. We encourage them to collaborate, think big and take risks in a blame-free environment. We promote self-direction to work on meaningful projects, while we also strive to create an environment that provides the support and mentorship needed to learn and grow.
Together we engineer and build the infrastructure, tools, access and telemetry for systems that enable orchestration of our company-scale services. Come build things that matter.
The Managed Services Technology team plays a vital role in the Managed Threat Defense service delivery life-cycle. We are responsible for provisioning Security Operations (SecOps) and third-party security technology. This role focuses on deploying and integrating customer security technologies.
In this role, you will collaborate with enterprise clients, customers, internal stakeholders, and cross-functional teams to quickly and accurately provision and integrate SecOps and other customer-managed security technologies.
Part of our company Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.
Responsibilities
Oversee the security technology provisioning lifecycle for new and existing customers.
Develop technical implementation plans based on customer expectations and shared information.
Facilitate project management and technical support during onboarding. Collaborate closely with customers and internal teams.
Collaborate with customers to triage and implement remediations and recommendations.
Document all implementation details and collaboration meeting notes in the internal tracking system.

our company's Technology Consulting team is looking for a Cybersecurity Consultant to join our cyber department.
The Cyber Department works with a variety of clients in different fields: Government, Hi-tech, Industry, Retail, Hotels, Defense and more.
The Job Will Include:
Client Engagement: Leading, guiding and advising to clients in Israel and abroad as well as joint projects with various partners of our company global on cyber security projects based on methodology, regulation and standards
Technologies: Work with different aspects of cyber security in multiple fields such as IT, OT & Cloud
Security Assessments: Carrying out risk surveys including cyber, operational and supply chain risks
Advisory and Strategy Development: Developing business continuity plans (BCP) ,cyber security and maturity programs, secure architectures, policies and information security procedures
Collaboration: Leading representative and high-profile meetings with client internal senior management.

We are seeking an experienced Security Engineering leader to lead our companys Next security engineering practice. The head of security engineering will lead a team of highly talented security engineers and architects in different cybersecurity domains including (but not limited to): cloud security, application security, data security, identity and access management, security monitoring, detection and response and more.
We are looking for an expert with leadership skills, to be the main focal point across the company for everything related to the above domains and support our companys transformation into leadership in the cybersecurity market.
What youll do:
Lead, mentor and scale multidisciplinary security teams
Engage with cyber security leaders across all business sectors
Assist organizations with securing their public cloud infrastructure, applications and data
Conduct risk assessments for different public cloud environments
Develop cyber security assessments and controls implementation methodologies and best practices
Partner closely with our customers engineering, DevOps, and IT teams
Engage with our companys Next partners such as: Google, AWS, Microsoft and others to provide state of the art solutions to our customers
Serve as a senior advisor to our companys leadership.