דרושים » אבטחת מידע וסייבר » Head of Security

Were seeking a Security Lead to join our team. This role is ideal for someone who can shape security foundations from the ground up. Youll solely build, lead and scale our security program across product, infrastructure and internal operations. This is a hands-on leadership role in which you will define our security strategy, drive execution, take ownership of maintaining security within our cloud environment and ensure that our customers, partners and employees can trust our platform and data handling.

Responsibilities

Embed secure-by-design and secure-by-default practices into the SDLC, partnering with engineering on threat modeling, secure code reviews, SAST/DAST, vulnerability management, and integrating practical, developer-first security solutions directly into development workflows.
Manage hands-on application and cloud security execution, reviewing code, hardening services, improving AWS/GCP configurations, IAM, networking, and secrets management, building cloud posture management, and integrating security into CI/CD, containers, and infrastructure-as-code.
Drive LLM and GenAI security innovation, implementing guardrails, prompt injection protections, MCP authorizations, and AI-specific security controls to ensure resilient and safe AI-powered systems.
Own incident response and security operations end-to-end, including preparation, detection, mitigation, root-cause analysis, remediation, communications, and developing internal standards, playbooks, and automation to scale the function from scratch.
Lead privacy, data lifecycle, and compliance initiatives, owning SOC 2, ISO 27001, GDPR, and regulatory readiness, while representing security in customer and partner discussions and translating technical controls into business assurance.

seeking a senior, hands-on CISO & Head of IT to act as "one-man-show" authority for IT operations and information security. This role owns IT and Information Security e2e for core business functions:
setting direction, making structural and vendor decisions, and defining what "good" looks like, while also answering questions in real time, exercising sound judgment, and taking ownership when issues arise.
This is a highly visible leadership role focused on judgment, ownership, and practical execution.

Key Responsibilities

Information Security & Risk

Build and maintain a pragmatic information security and IT risk management program aligned with business priorities.
Lead security risk assessments and drive remediation in partnership with engineering, IT, and business teams.
Define and maintain security policies, standards, and secure-by-design practices in collaboration with our Product House organization.
Promote security awareness and accountability across the company, including ownership of employee security training programs.
IT Ownership

Own internal IT environment, including identity and access management (e.g., Okta), Google Workspace, endpoints, and core SaaS tools.
Ensure smooth employee onboarding and offboarding.
Act as a point of escalation for IT issues and access problems, including hands-on work.
Manage external IT service providers and helpdesk vendors, including SLAs and escalation.
Security Operations

Own the overall effectiveness of security monitoring, detection, and response.
Design and maintain preventive controls, processes, and readiness measures to reduce the likelihood and impact of data security incidents.
Ensure vulnerabilities, findings, and incidents are identified, prioritized, and addressed.
Lead preparation for security incidents, including incident response planning, tabletop exercises, and coordination with Legal, Product House, and external partners.
Stay current on emerging threats and translate them into practical, risk-based improvements for the business.
Audits, Customers & Vendors

Lead security audits and certifications (e.g., SOC 2, ISO 27001) and serve as the primary contact for auditors.
Personally own customer security questionnaires and security discussions.
Partner closely with Legal on privacy, regulatory, and contractual security matters.
Oversee the IT and security budget and manage relevant vendors and advisors.

we are looking for a Cybersecurity Manager, AI Security Practice
Role Overview:
As a Manager in the Cybersecurity Practice with a focus on AI Security, you will drive strategic growth of offerings at the intersection of cybersecurity, artificial intelligence (AI), and governance risk & compliance (GRC). You will lead client engagements, shape innovative service offerings, influence go-to-market strategy, mentor delivery teams, and help organizations secure AI transformative initiatives.
This role sits at the convergence of consulting, technology, and risk advisory, requiring both deep technical expertise in AI and ML security architectures and senior client relationship leadership. You will work cross-functionally with global teams including cyber, cloud, data, AI and risk to embed security strategies into clients AI journeys.
Responsibilities:
Strategic Leadership & Practice Growth:
Define and execute the strategic roadmap for AI security offerings and solutions, including consulting frameworks, accelerators, and tool integrations.
Drive thought leadership in AI risk management, secure AI adoption, and cyber governance for emerging technologies.
Lead go-to-market strategy, including positioning, business development, proposals, pricing, and differentiation in AI security.
Influence global cyber offerings to incorporate AI risk, threat modeling, compliance, and resilience considerations.
Client Delivery & Engagement:
Lead complex client engagements end-to-end, from scoping through delivery, ensuring high quality, on-time and profitable execution.
Advise enterprise clients on secure AI adoption, AI threat landscape, governance frameworks, secure deployment patterns, and operational resiliency.
Architect secure AI and ML environments, including identification of risks such as data poisoning, model extraction, integrity attacks, and unauthorized access.
Integrate AI security with enterprise security programs, cloud, DevSecOps, identity and access management, and compliance controls.

We are looking for a Vulnerability Manager to join the Cyber Security organization, reporting to the Vulnerability Lead within the Cyber Security PMO under the CISO.
This role focuses on execution and operational management of the organizations vulnerability management activities. You will work closely with the Vulnerability Lead to drive day-to-day remediation efforts, ensure SLA compliance, and maintain continuous progress across teams.
The ideal candidate is execution-driven, detail-oriented, and experienced in vulnerability management processes within cloud, infrastructure, and application environments.
Responsibilities
Vulnerability Management Execution
Drive day-to-day execution of vulnerability management processes across cloud, infrastructure, SaaS, and application environments.
Track vulnerabilities from identification through remediation and validation.
Ensure SLA adherence and timely remediation across teams.
Execute prioritization based on risk, severity, and business impact as defined by the Vulnerability Lead.
Stakeholder Coordination
Work closely with Security, DevOps, Infrastructure, and Engineering teams to drive remediation efforts.
Follow up on tasks, remove blockers, and ensure continuous progress.
Provide regular status updates and reporting to the Vulnerability Lead and PMO.
Tracking & Reporting
Maintain accurate tracking of vulnerabilities, remediation status, and KPIs.
Support dashboards and reporting on SLA compliance, exposure trends, and risk reduction.
Process & Improvement
Support improvement of vulnerability management processes, workflows, and tooling.
Assist in audits, compliance activities, and documentation.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team.
Job Id: 24652
This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

We're looking for a Senior Governance, Risk, and Compliance (GRC) Specialist to join our global GRC team. In this critical role, you will help secure the platform that powers the software supply chain for thousands of the world's top organizations.
Reporting to the GRC Manager, you will work alongside a talented team to enhance our security posture, establish GRC best practices, and embed security governance into our fast-paced, DevOps-driven culture. You will be a key advisor, helping to translate complex risks and compliance requirements into actionable controls that support missin.
As a Senior GRC specialist you will...
Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets.
Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2).
Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings.
Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment.
Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with risk appetite.
Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated.
Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members.

We are looking for a Security Engineer to join us. In this role, you will take part in securing our companys production environments across network, data, and AI domains. You will work closely with SRE, DevOps, platform, and internal security teams to design, operate, and continuously improve security controls, reduce risk, and strengthen our detection and response capabilities in a fast-growing, cloud-native environment.
Responsibilities
Support, maintain, and operate network, data, and AI security controls across our companys production environments, and continuously improve protection, detection, and response capabilities.
Design, implement, and troubleshoot network security mechanisms, including segmentation, access controls, and traffic inspection, to reduce attack surface and lateral movement.
Secure sensitive data and databases by enforcing encryption, permissions, and access governance, auditing, and monitoring to prevent data leakage and misuse.
Identify security risks related to AI systems, data pipelines, and inference services, and help define controls to protect models, training data, and AI-driven workflows.
Collaborate with engineering, SOC, and platform teams to identify high-risk assets, abuse scenarios, and attack paths, and translate them into actionable security controls and detections.
Support incident response activities by serving as an escalation point for complex network, data, and AI-related security incidents.
Contribute to improving security visibility, detection logic, and response processes, including documentation and knowledge sharing across the Cyber Defense Group.

Were looking for a highly skilled Technical GRC Expert with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

Are you ready to evolve from a GRC professional into a strategic leader? We are looking for a high-potential GRC Specialist to join our company. As a GRC at our company you will be responsible for aligning Fiverrs security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.
What am I going to do?:
* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.

At our company, we are building an open and flexible Agentic Engineering Platform for modern engineering organizations. Following our recent $100M Series C funding round, we are in a phase of rapid hypergrowth with strong enterprise momentum.
We act as the central nervous system for engineering, enabling platform teams to unify their stack and expose it as a governed layer through golden paths for developers and AI agents. By combining rich engineering context, workflows, and actions, we help organizations transition from manual processes to autonomous, AI-assisted engineering workflows while maintaining control and accountability.
As a product-led company, we believe in building world-class platforms that fundamentally shape how modern engineering organizations operate.
About Your Day-to-Day
As a Security Specialist, you will play a meaningful role in shaping how our company operates and scales its security posture. You will be the hands-on backbone of our security team, you will keep our systems running, respond to alerts, and ensure our SDLC is secure from commit to production.
You will work closely with R&D, DevOps, and the IT team, take ownership over daily security operations and automations, and help transform complex security threats into clear, structured outcomes.
Responsibilities
Own and execute daily security operations with independence and accountability, including monitoring, triaging, and responding to alerts across all platforms.
Collaborate with R&D and DevOps to align security priorities within the CI/CD pipeline and embed secure coding practices into the development lifecycle.
Turn ambiguity into structured processes by building SOAR playbooks to automate repetitive tasks and creating detection rules tuned to our companys environment.
Drive high-quality execution in vulnerability management, coordinating remediation with engineering teams according to strict SLA timelines.
Communicate clearly by documenting incident root causes, maintaining security dashboards (MTTD/MTTR), and reporting on security metrics.
Continuously improve workflows by tuning security tools (EDR, CNAPP, IAM), suppressing false positives, and automating evidence collection for compliance.
What Success Will Look Like
Success in this role means becoming a trusted, reliable contributor who brings clarity and stability to our companys security environment.
Within the first months, you are expected to:
Take full ownership over the security alert workflow and operate independently in incident investigation.
Deliver consistent, high-quality outcomes in managing our security tooling stack (EDR, IAM, and secrets management).
Proactively identify gaps in the SDLC security gates or inefficiencies in manual triage and address them through automation.
Build strong working relationships with the Engineering and IT teams based on trust and accountability.
Contribute to a calmer, more predictable, and better-organized security environment by reducing noise and automating toil.