לוח משרות דרושים מומחה אבטחת מידע / סייבר במרכז

About us Think about literally anything in your house. Your shirt. Your phone. That random IKEA wrench thingamabob you still haven’t thrown away. Odds are, it all came from somewhere else. Freight is the invisible magic trick that makes the global economy work. And we’re the ones helping it work a little bit faster, smarter, and cheaper. Freightos (Nasdaq: CRGO) is the global booking and payment platform for the trillion-dollar freight industry. Hundreds of airlines and ocean liners, thousands of freight companies, and over ten thousand importers and exporters use our platform to move goods around the world faster and more efficiently. This matters. Efficient freight ultimately makes things cost a little bit less when you buy them in the store. We’ve been on a rocketship (freight ship?) of double-digit growth for years, and we’re nowhere near done. About the Role We are looking for a hybrid powerhouse - a DevSecOps. In this role, you will be the "Ghostbuster" of our systems, an elite specialist who ensures our platform is not only lightning-fast and reliable, but also hardened against any digital threat. You are the kind of person who locks every back door behind you while keeping the gate always open for customers worldwide. Responsibilities:
* Lead security architecture and design reviews to ensure new systems and platforms meet security, reliability, and scalability requirements.
* Develop, implement, and enforce technical security standards, secure baseline configurations, and infrastructure hardening guidelines.
* Own the reliability, availability, performance, and security of production systems across the organization.
* Design, implement, and optimize secure and scalable CI/CD pipelines, integrating security practices throughout the SDLC.
* Build and maintain automation tools and operational processes to improve deployment efficiency, system stability, and security posture.
* Enhance security and observability by implementing and managing monitoring, logging, alerting, and SIEM solutions across distributed systems.
* Lead and participate in incident response activities, including threat monitoring, on-call support, and continuous improvement of operational readiness processes.
* Conduct security assessments, vulnerability management, and compliance audits to identify and remediate risks.
* Promote a security-first engineering culture by mentoring teams on secure coding, infrastructure, and deployment best practices.
* Stay current with emerging threats, vulnerabilities, attack vectors, and industry best practices, and proactively integrate improvements into engineering and security processes.
* Participate in the on-call rotation , with availability to support a global environment.

Hybrid:
Yes

Are you ready to evolve from a GRC Specialist into a strategic leader? We are looking for a high-potential GRC Specialist to join Fiverr. As a GRC at Fiverr you will be responsible for aligning Fiverr’s security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.


What am I going to do?:

* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.


Equal opportunities:
At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

At our company, we move fast. Were an ultra-collaborative company with brilliant people who care deeply about the details. Together, were solving interesting and complex puzzles to keep the worlds data safe.
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Job Overview:
We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.

We are seeking an experienced Incident Response Global Manager based in Israel to lead and coordinate cyber incident response operations across multiple regions.
This role is responsible for managing high-impact security incidents, overseeing global IR delivery, and ensuring seamless collaboration across a follow-the-sun model. The ideal candidate will combine strong technical expertise with leadership and stakeholder management skills.
Key Responsibilities
Lead and manage end-to-end incident response engagements for global clients
Coordinate cross-regional IR teams to ensure 24/7 coverage and effective escalation
Act as the primary point of contact for customers during critical incidents
Oversee incident investigations, containment, eradication, and recovery efforts
Develop and refine IR processes, playbooks, and best practices
Support proactive services such as readiness assessments and tabletop exercises
Provide executive-level reporting and post-incident analysis
Mentor and develop IR team members across regions.

We are looking for a Security Lead to join our companys R&D organization, taking a central, cross-functional role in shaping the security posture of our products. This role combines deep hands-on expertise with cross-organizational leadership, working closely with senior leaders to shape and implement security strategy across all product lines. You will lead end-to-end security initiatives, influence engineering practices at scale, and play a critical role in ensuring our products meet the highest security standards.
Key Responsibilities
Lead security in the R&D organization by professionalism and cooperation across our company
Maintain and develop the Secure Development Life Cycle of all our companys Products Organization, work with R&D, QA, Sales, Support, external researchers, and customers to make the cyber landscape a safer place.
Conduct architectural security reviews and threat modeling for R&D
Full triage for our company's VDP and BBP reports, including analyzing reports, calculating severities and communications with reporters.
Define and develop security training to implement cross organization
Be a first responder in security incidents, including leading and defining actions to resolution
Manage and monitor our company's SCA, SAST, DAST tools.

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.

Were looking for a highly skilled Application Security Researcher to join our Security Research group and help us push the boundaries of modern AppSec. This is a critical, hands-on role where youll work closely with engineers, researchers, and AI & data scientists to build the next generation of application security - including autonomous, agentic pentesting capabilities.
This is not a typical AppSec role. Youll be building, breaking, and redefining how offensive security works at scale.
What Youll Be Doing:
Design and build detection engines and decision-making logic for autonomous security systems
Develop new classes of automated attacks leveraging deep application and infrastructure context
Conduct advanced research on chaining vulnerabilities, logic flaws, and complex attack paths
Prototype, build, and ship security capabilities into production environments
Collaborate with Product, Engineering, and Data teams to shape next-gen security features
Analyze large-scale data to identify attack opportunities and improve detection accuracy
Actively contribute to research direction, ideation, and innovation within the team

We are looking for a
Junior IT SecOps Specialist
with
at least 1-2 years of hands‑on experience
in security operations or IT security. The role is ideal for someone who already has foundational security skills and wants to grow into advanced SecOps responsibilities while working alongside experienced specialists within Kornits global hybrid environment.

This position aligns with the responsibilities defined for the SecOps team, including monitoring, incident response, and implementation of security technologies
What will you do?
Security Platforms & Daily Operations
Assist in operating and maintaining security solutions such as EDR/EPP, MFA, NAC, IPS, and secure DNS platforms.
Support onboarding and configuration tasks for new or existing security tools.
Perform routine health checks on security systems and escalate anomalies as needed.
Monitoring, Detection & Incident Handling
Monitor alerts and events from security platforms.
Perform first‑level triage, document findings, and escalate incidents to senior SecOps members
Participate in remediation activities with guidance (e.g., addressing misconfigurations or legacy system exposures similar to past findings)
Infrastructure Hardening & Compliance Support
Assist in applying IT security standards and guidelines across systems and environments.
Support the implementation of secure configurations for endpoints, servers, and cloud workloads under supervision.
Team Collaboration
Work closely with the CISO and senior SecOps team to support ongoing security initiatives and improvements
Collaborate with IT Infrastructure, Network, and Cloud teams to troubleshoot and secure operational environments.

We are looking for a highly motivated SOC/NOC Analyst to join our operations and security team. This role is responsible for monitoring, detecting, analyzing, and responding to security and network events across the organizations infrastructure and production environments.
The SOC/NOC Analyst will play a key role in maintaining service availability, identifying threats, investigating incidents, and ensuring timely escalation and resolution of operational and security issues. The ideal candidate is detail-oriented, analytical, and able to work effectively in a fast-paced, 24/7 environment.
Key Responsibilities :
Monitor security and network events using SIEM, monitoring, and alerting platforms.
Investigate alerts, anomalies, and incidents related to infrastructure, systems, applications, and network activity.
Perform first-level triage, validation, categorization, and escalation of security and operational incidents.
Respond to incidents involving suspicious activity, service disruption, connectivity issues, unauthorized access attempts, and infrastructure abnormalities.
Open, track, and update incidents in the ticketing system, ensuring accurate documentation and timely resolution.
Support incident response activities, including containment, evidence gathering, and post-incident analysis.
Monitor network performance, uptime, connectivity, and service health across production environments.
Assist in vulnerability management, log analysis, and security control validation.
Maintain runbooks, knowledge base articles, and operational documentation.
Contribute to process improvement initiatives to enhance monitoring coverage, response quality, and operational resilience.
Additional Notes :
This role requires shift-based work as part of a 24/7 monitoring and response function.

We are seeking a dynamic and experienced Threat Hunter to lead proactive cybersecurity efforts by uncovering hidden threats across our environment. In this role, you will drive hypothesis-based hunting, perform deep analysis and validation of security telemetry, investigate suspicious network activity, and continuously improve threat detection and response.
You will also assess CVE relevance and exploitability to prioritize real-world risk, and leverage threat intelligence feeds and enrichment pipelines to enhance hunting context, detection accuracy, and response effectiveness.
If you thrive in a fast-paced environment and are excited about pushing the boundaries of cybersecurity, we want to hear from you.
Responsibilities:
Apply data analytics to analyze security-related network data, uncover actionable threat intelligence, detect anomalies and malicious behavior, and automate findings into an enhanced detection system.
Leverage current cybersecurity knowledge to interpret and contextualize findings, enabling informed decision-making and proactive measures to strengthen overall cybersecurity defenses.
Work closely with Product and Engineering to translate threat intelligence into product strategy, prioritized features, and defensive enhancements.
Monitor and analyze the latest vulnerabilities, CVEs, exploits, and threat actor TTPs, with a focus on techniques relevant to microsegmentation, identity security, lateral movement, and internal reconnaissance.
Integrate external threat feeds and intelligence sources into our product - including normalization, enrichment, classification, and validation of feed relevance.
Contribute to detection logic, threat models, and internal tooling that turn intelligence into prevention and protection.
Provide on-the-fly support during customer incident response events and penetration testing exercises by leveraging expertise to promptly detect and block security threats.

We are looking for a Security Engineer to join our Security Engineering team. This is a generalist, "all-rounder" role - you will work across all security domains, while leading and owning a specific security domain based on your expertise.
You will define and drive security programs, design and implement security controls, and make architecture-level decisions across your domain. You will work closely with R&D, DevOps, and engineering teams, embedding security into how we build and operate at scale, and help shape a security-first culture across the organization.
What You'll Work On:
Define and maintain security standards, policies, and controls across all security domains - including SSDLC processes and secure development standards across R&D
Work hands-on alongside R&D, engineering, and IT teams to implement security controls, drive adoption, and ensure execution
Lead and contribute to large-scale security projects with real organizational impact
Evaluate, integrate, and operate industry-leading security tooling and platforms - including emerging startups with cutting-edge technologies
Build automation, tools, internal processes, Terraform modules, GitHub Actions, and AI agents for engineering teams and for your own team
Conduct security assessments and threat modeling.
Lead containment, investigation, and forensic analysis during security incidents
Identify security gaps and misconfigurations across cloud environments, infrastructure, and internal processes - and drive remediation through scalable, long-term solutions
Contribute across all security domains - cloud, application, AI security, detection engineering, IT, and more

Appdome’s mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides mobile brands with the only patented, centralized, data-driven Mobile Cyber Defense Automation platform, delivering rapid no-code, no-SDK mobile app security, anti-fraud, anti-malware, anti-cheat, anti-bot implementations, configuration as code ease, Threat-Events™ threat-aware UI/UX control, ThreatScope™ Mobile XDR, and Certified Secure™ DevSecOps Certification in one integrated system. With Appdome, mobile developers, cyber and fraud teams can accelerate delivery, guarantee compliance, and leverage automation to build, test, release, and monitor the full range of cyber, anti-fraud, and other defenses needed in mobile apps from inside mobile DevOps and CI/CD pipeline. Leading financial, healthcare, m-commerce, consumer, and B2B brands use Appdome to upgrade mobile DevSecOps and protect Android & iOS apps, mobile customers, and mobile businesses globally. Today, Appdome's customers use their platform to secure over 50,000+ mobile apps with protection of over 1B mobile end users projected. Job description Appdome is looking for a talented, passionate Offensive Researcher to join our innovative research team. If you’re eager to explore cutting-edge mobile security techniques and help safeguard the mobile app ecosystem, this is the role for you! As a key player in our security team, you'll design and execute sophisticated attack simulations on the Appdome platform. Your work will touch on diverse attack vectors, including file systems, networks, jailbreaks, memory injections, and more.

As the architect of the Autonomous SOC, you will dive deep into Windows and Linux internals to understand modern adversary techniques. Your mission is to transform the complex art of incident response into high-fidelity, automated science. You will investigate attacker tradecraft, analyze forensic artifacts, and build the logic that allows customers to respond to breaches in seconds.
How we work:
The Anatomy of an Attack: We deconstruct complex attack patterns across Windows and Linux to build forensic "blueprints." We don't just find a threat; we map out the exact response flows and forensic steps needed to dismantle it from the inside out.
Precision Matters: We obsess over finding the exact thresholds that allow us to neutralize threats without disrupting the user experience.
Innovation First: We aren't satisfied with off-the-shelf tools; we develop our own research frameworks and leverage AI to amplify our efficiency.
From Insight to Action: We don't just write reports. Every piece of research we conduct is designed to be codified into a sophisticated, automated response playbook that protects our customers at machine speed.
Were looking for people who want to see their research solve "impossible" problems in real-time.
Key Responsibilities
Deep Forensic Research: Conduct original research into Windows and Linux attack surfaces to identify new response and remediation vectors.
Codify IR Tradecraft: Translate complex investigative steps (e.g., memory forensics, binary analysis, or cloud-native IR) into scalable, automated workflows.
Engineer Autonomous Logic: Design "self-healing" security playbooks that don't just alert, but actively neutralize threats across Endpoint, Identity, and Cloud environments.
Telemetry Mining: Hunt through massive datasets in Cortex XSIAM to find the "ground truth" of an attack and validate that your automations are bulletproof.
Shape the Product: Act as a subject matter expert for the engineering team, influencing how our XDR and NDR sensors collect data based on your IR findings.