לוח משרות דרושים מומחה אבטחת מידע / סייבר

Alice is seeking an experienced Malware Research Director to build and manage multiple teams dedicated to malware research. This role presents an exciting opportunity to establish a new operation from the ground up, creating processes, optimizing and setting up cross-team collaboration while serving as the primary client interface. The position is primarily leadership, client-facing, creating solutions and requiring exceptional team-building and operational setup skills. The ideal candidate demonstrates high technical skills, proven experience in building teams from scratch, establishing new operations, and strong client relationship management capabilities. Key Responsibilities:
* Establish operational processes, workflows, and quality standards for the new teams
* Coordinate with other departments to integrate the new operation into the existing infrastructure
* Serve as primary client interface, managing relationships and ensuring client satisfaction
* Present research findings and malicious evidence to clients and stakeholders
* Advise on technical aspects for malware research challenges and automated solutions
* Create training programs and onboarding processes for new team members
* Develop performance metrics and evaluation frameworks for team effectiveness
* Lead client meetings, requirement discussions, and project planning sessions
* Collaborate with sales and business development teams on client engagements

About Alice:
Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.



Hybrid:
No

As a Principal Software Security Engineer, you'll be responsible for delivering offensive security engagements against public-facing and internal products. Youll also be responsible for security auditing of the product stack and researching nuances of securing SaaS platforms. This will require an in-depth knowledge of various approaches to application auditing, including secure code review, debugging, dynamic web application testing, analysis and threat modeling. Youll work closely with product engineering teams to provide investigative reports to improve platform resiliency and ensure best-in-class security solutions.

What you get to do in this role:

Work with diverse business and technology owners
Participate in offensive security engagements including external adversarial emulation.
Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities
Work with engineering teams on remediation
Create and maintain strategic relationships

We are seeking an experienced compliance professional to join our team and support compliance for our SaaS platform.
About the Position:
As Compliance Lead for the SaaS platform, you will be focused on leading and supporting compliance efforts with various regulatory regimes that apply to our SaaS business, including, but not limited to, economic sanctions, anti-bribery, and anti-corruption programs. In addition to these responsibilities, the Compliance Lead will conduct risk reviews of SaaS business customers and report findings to senior management. Risk reviews will encompass initial assessments of new SaaS licensees and ongoing reviews leveraging public information and blockchain analytics.
To be successful in this role, the candidate will need to work closely with internal and external stakeholders, including senior management, front line business leaders, and prospective SaaS licensees. Expertise in digital asset investigative processes, including customer due diligence and blockchain analysis, will be crucial in establishing and executing operations for this role. The ideal candidate will be comfortable working in a fast-paced environment handling multiple ongoing projects that are delivered on time. We are looking for a candidate armed with a roll-up-your-sleeves mentality and forward-thinking approach that is eager to help across multiple verticals and advise business teams on global risks.
This position reports directly to the company's Senior Director of Compliance and will be an independent contributor initially. This role will be based in the US, with preference for candidates based near our NYC HQ; although qualified candidates from other locations are highly encouraged to apply.

As a Cloud Infrastructure and AI Security, you will play a key role in securing multi-cloud infrastructure, embedding security into DevSecOps, and ensuring AI platforms and agentic integrations are built and operated with enforceable security controls.
This role requires deep, hands-on expertise across Cloud Infrastructure Security and AI Security. You will actively design, implement, and enforce security controls across multi-cloud environments and Agentic AI, working closely with R&D, Product, and DevOps teams to embed security directly into architecture and development from day one.
You will operate at the forefront of cloud security, AI and blockchain, helping define how agentic AI systems are implemented safely in production. This is an opportunity to work on cutting edge technologies, collaborate with experienced security and engineering professionals, and grow within one of the most advanced and rapidly evolving domains in modern security.
What You'll Do:
Design, implement, and maintain security controls across multi-cloud infrastructures
Work closely with R&D teams to understand constraints and risks in Agentic AI and Infrastructure
Design and implement runtime AI security controls (guardrails, filters, policy engines, gateways).
Build protections for LLM inference, agent tool execution, MCP / plugin frameworks, and RAG pipelines.
Implement prompt, input, and output inspection for abuse, jailbreaks, data leakage, and policy violations.
Secure Infrastructure, CI/CD pipelines, and automation workflows by embedding DevSecOps best practices
Conduct security reviews of product features, new technologies and ensure they meet security requirements.
Secure Kubernetes clusters and containerized workloads in production environments
Evaluate AI attack vectors (prompt injection, model poisoning, data exfiltration, jailbreaks, emerging attack patterns) and implement effective mitigations
Collaborate with other security teams to resolve security issues and implement security improvements.
Lead security projects and initiatives across environments to enhance the platform's security.

We are looking for a passionate and experienced Governance, Risk, and Compliance (GRC) operations specialist to contribute to our companys efforts in making the most security and trusted provider of digital asset management solutions. This role is critical in driving our day-to-day GRC programs, ensuring they are well maintained, run according to schedule, and align with our business needs.
As the GRC operations specialist, you will oversee the successful implementation and progress of GRC programs, practices, and projects, while collaborating with multiple cross-functional teams within the security department and outside of it.
What You Will Do:
Own, manage, and continuously improve the companys Third Party Risk Management (TPRM) program, making sure it is both aligned with expected security standards and best practices, and meets business requirements and SLAs.
Own, manage, and continuously improve the companys security awareness program, making sure its scope, content, cadence and overall performance are always aligned with the latest and most relevant expectations, while also well received and relevant to the business.
Manage ongoing operations within the GRC team including project management and tracking, financial planning and reporting, annual and periodic planning, and more.
Drive ongoing GRC efficiency through innovation, automation, data-driven decision making research and exploration.
Support and contribute to ongoing GRC operations such as internal and external audits, risk assessments, certification processes, policy management, business continuity program and more.

The Security & Information team is looking for someone who is passionate about technology and has a roll-up-their-sleeves mentality to join our global team. Youll play a crucial role in enhancing our security infrastructure, improving networking, ensuring scalability, and maintaining strong security as we continue to grow. If you want to be an industry leader, on a team experiencing hyper-growth, look no further!
Responsibilities :
Operates as the primary escalation point for critical security alerts, performing deep-dive DFIR investigations, analyzing attacker techniques and vectors, proactively hunting threats, and directing incident response activities.
Lead SecOps projects from inception to execution, ensuring effective implementation and ongoing maintenance.
Mentor a team of SecOps experts, providing technical guidance in a fast-paced environment.
Research how to leverage security telemetry and existing security solutions to improve triage and automated response.
Work cross-functionally to refine and evolve agentic workflows that drive automated security operations.
Coordinate investigation, containment, and other response activities with business stakeholders and groups.
Perform hands-on forensic investigations, log reviews, cloud investigations, and root-cause analysis
Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.

Were looking for a highly skilled Technical GRC Expert with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate Zenitys detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep Zenity secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as Zenity grows.
Responsibilities:
Own and mature Zenitys Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Zenitys Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

Were seeking a Senior Security Researcher to drive end-to-end research initiatives that strengthen detection capabilities. In this role, youll investigate emerging attack surfaces, craft and implement innovative detection logic, and test your findings in real-world environments. Its a hands-on position ideal for someone eager to transform research insights into effective, production-grade security defenses.
Responsibilities:
Research AI Agent and LLM-related risks, such as prompt injection and jailbreaking and implement sophisticated detection strategies.
Conduct research on cloud, web, and API security to uncover new threats and attack vectors.
Develop, refine, and design world-class detection logic and rules to enhance runtime protection.
Perform threat-hunting activities across large data sources to identify emerging attack patterns
Drive full-cycle research: from hypothesis and experimentation to production validation.
Collaborate with engineering and product teams to deliver actionable insights.

As a Mobile Threat Analyst at Alice, you will use your internet-fluency, online resourcefulness, broad areas of interest, technical skills, AI-driven methodologies, and hacker-like thinking to solve puzzles and lawfully access difficult-to-come-by open-source data from the deep web.
Responsibilities include:
*  data mining and advanced analysis - conducting high-level Open Source Intelligence
* Collaboration with technical teams
* Analyzing malicious activities online, getting to their sources & distribution methods
* Analyzing large, complex datasets using statistical, scripting, and AI-based techniques.
* Researching new online platforms to discover methods for automating data collection.
* Monitoring third-party websites, forums, messaging app channels, dark web communities, and emerging platforms to uncover malicious activities.
* Translating analytical findings into actionable recommendations for detection systems and enforcement strategies.
* Generate intelligence reports often regarding highly technical concepts and TTPs.

Were seeking an experienced Security Solutions Engineer to help us create new automations and scalable solutions for our customers. Your role will be both strategic and tactical, as youll be working directly with customers to understand their requirements, design solutions, and implement security controls. Join us on our mission to help every security team achieve operational excellence.
Your responsibilitie:
Design and implement security solutions to automate the real-world customer pains.
Provide expert advice and recommendations for security solutions that can achieve customer objectives.
Collaborate with the Sales team to establish a reputation for technical excellence and trustworthiness with potential customers.
Work jointly with other Solutions Engineers & Architects to support the Sales team with technical content and call support.
Establish and maintain a knowledge hub or repository of security best practices, resources, and insights.
Collaborate with the marketing team to generate demos, case studies, blogs, and videos.

Be a part of the team that is instrumental in constructing one of most exciting security solutions, and work on an innovative new product. In an era of increasingly sophisticated cyber-attacks, the Security Exposure Management security suite has emerged as a vital tool for enterprises, enabling them to identify, scrutinize, counter advanced breaches and data intrusions within their networks and manage their security posture.
Responsibilities:
We are seeking a security researcher, who enjoys unraveling the mysteries and unique patterns of corporate computing environments and attackers techniques in enormous scale of signals and security mechanisms, to join our Israeli research team and help provide our customers with tools to improve their security posture. The job includes performing both low level and high-level research of attackers techniques, security mechanism and controls, and data analysis over various types of telemetries.
Responsibilities include:
Analyze and research security controls, attackers techniques and anomalous patterns
Explore massive amounts of data to come up with new security posture insights, which can then be translated into security recommendations for our customers
Work together with the different engineering teams to develop the code to support the research findings
Collaborate with multiple product teams to design sensors, implement discovery & detection logics and validate their effectiveness using a data-driven approach
Collaborate with data science teams to understand and identify detection gaps, capabilities, assumptions and improvements
Collaborate with other teams across and come up with innovative ideas which should be part of future versions of the product

We are seeking an experienced SOC Manager to lead our Security Operations Center (SOC), with full responsibility for detection, response, and operational excellence. This role combines hands-on technical leadership with people management, process ownership, and alignment to business risk.
The SOC Manager will be accountable for the effectiveness, maturity, and scalability of security operations across the organization.
What you will do?
Oversee day-to-day SOC operations, ensuring timely threat detection, incident response, and threat mitigation. Own day-to-day SOC operations, ensuring effective threat detection, incident response, and containment across all environments.
Develop and implement SOC policies, processes, and playbooks to improve security effectiveness.
Continuously evaluate and enhance SIEM configurations, alerting mechanisms, and automation. Continuously optimize SIEM content, alert quality, detection coverage, and automation capabilities.
Team Management & Training- Recruit, mentor, and manage a team of SOC analysts and incident responders.
Lead incident investigation, containment, and remediation efforts, coordinating with internal teams and external partners.
Align security operations with MITRE ATT&CK, NIST, and other cybersecurity frameworks.
Produce clear, executive-level incident reporting and risk summaries for security leadership and stakeholders.
Stay updated on emerging threats, attack techniques, and security technologies to drive continuous improvements.

The Research team at our company takes on the immense challenge of identifying and stopping malicious activity across vast streams of traffic. By crafting innovative solutions, we empower our products to make trillions of decisions every day with unparalleled precision.
Our work directly impacts the safety of the internet and ensures that remains the best-in-class solution for our customers, standing strong against the ever-evolving tactics of attackers.


Were looking for a Senior Web Security Researcher to be part of a team of highly skilled professionals that include security researchers, data researchers, data scientists and software engineers who continuously hunt for threats, evaluate and develop new detection techniques, and share intel and attribution for cybercrime activity with the goal of protecting our customers while keeping the internet human.
What you'll do:

Play a lot with the web-browsers, trying to find differences in behavior between them.

Research and develop signal collection on both mobile and desktop, which enables detection and improve our protection

Find ways to detect automation, for example, tools like Selenium, Playwright or Puppeteer.

Understand customer specific requirements, deliver with impact and exceed customer expectations.

Discover adversary tactics, techniques, and procedures leveraged by bots.

Create and validate data insights to enhance detection excellence.

Share security research topics through blogs, research talks, knowledge base and external engagements including conference presentations, detailing your discoveries for internal and external sharing.

Find bad stuff on the internet, see if you can figure out how it is done, document it.

Red team, experiment, and develop new tactics for various kinds of fraud and to bypass our detection, no need to wait for an attack to be discovered and used by adversaries first.
Stay abreast of cyber security trends and events related to our mission.

Contribute high impact work that substantially benefits team level metrics and OKRs.

Develop techniques, tools and scripts to simplify yours and others work.