לוח משרות דרושים מהנדס סייבר

This position is intended for a candidate with a background in security engineering who is looking to transition into a cybersecurity architecture role. The role focuses on reviewing cloud and SaaS environments, assessing the effectiveness of security controls, and supporting security maturity assessments and mitigation planning activities.This is a junior‑level architecture role with an emphasis on technical analysis, control review, and security design assessment. The position prioritizes architectural evaluation and advisory activities over hands‑on implementation.

Responsibilities
Perform security maturity assessments, including reviews of technical controls, configurations, and architectural designs, aligned with the NIST CSF 2.0 cybersecurity framework.
Conduct technical configuration and control reviews of cloud environments and SaaS platforms (read‑only / observer role).
Analyze security architectures and technical implementations to identify gaps, risks, and improvement opportunities.
Translate technical findings into clear architectural observations and recommendations.
Produce structured assessment reports and technical findings for both technical and non‑technical audiences.
Maintain internal technical documentation and contribute to architectural knowledge within the team.
Collaborate with R&D and product teams on ad‑hoc cases as a cybersecurity technical subject‑matter contributor.

Were looking for a Staff Application Security Engineer to join our IT and Security team. This role is ideal for a hands-on security professional who is passionate about working closely with engineering teams to design secure software, fix vulnerabilities, and promote a culture of security across the organization.
Youll be responsible for shaping and owning our Secure Software Development Lifecycle (SSDLC), managing security tooling, and leading the assessment of application and API security across our products and services.
Here are a few of the things you will do:
Collaborate directly with engineering teams to define remediation strategies, track implementation, and validate security fixes across the application stack.
Design, implement, and drive SSDLC practices across the company-from security design reviews and threat modeling to proactive triaging in production.
Conduct threat modeling, architecture reviews, and security assessments of cloud-based applications and services, including those leveraging emerging technologies.
Manage our bug bounty program, validating reports and coordinating response and resolution.
Own and operate our suite of AppSec tools including SAST, ASPM, and other security scanners-triaging findings, prioritizing issues, and guiding engineering toward resolution.
Review source code and applications to identify vulnerabilities and collaborate with dev teams on remediation.
Act as the point of contact for findings from penetration tests, automated scanners, and external assessments, helping manage triage and ensure timely fixes.
Continuously research and stay current with application security trends, frameworks, vulnerabilities, and best practices.
Promote a strong security culture across the company by educating and enabling engineers, architects, and DevOps teams to build secure software from the ground up.

Were seeking an experienced Security Solutions Engineer to help us create new automations and scalable solutions for our customers. Your role will be both strategic and tactical, as youll be working directly with customers to understand their requirements, design solutions, and implement security controls. Join us on our mission to help every security team achieve operational excellence.
Your responsibilitie:
Design and implement security solutions to automate the real-world customer pains.
Provide expert advice and recommendations for security solutions that can achieve customer objectives.
Collaborate with the Sales team to establish a reputation for technical excellence and trustworthiness with potential customers.
Work jointly with other Solutions Engineers & Architects to support the Sales team with technical content and call support.
Establish and maintain a knowledge hub or repository of security best practices, resources, and insights.
Collaborate with the marketing team to generate demos, case studies, blogs, and videos.

We are At Cross River, we're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely. With 900+ employees worldwide and an R&D center of over 160 employees in Jerusalem - we’re reshaping how financial technology is developed and delivered.

The Role:
We’re seeking a Senior Application Security Engineer who is first and foremost a teacher, advisor, and enabler for our development teams. Rather than owning security alone, you’ll embed secure-by-design thinking across engineering by mentoring developers, guiding architecture decisions, and making secure development intuitive and frictionless. You’ll serve as the go-to partner for developers and engineering leaders, offering clear direction, practical solutions, and hands-on mentorship that strengthens our secure SDLC.

Who You Are:

* A proactive self-starter with deep expertise in application and cloud security
* Passionate about secure development and enabling engineers through thoughtful guardrails
* Clear and confident communicator who can influence across technical and non-technical teams
* Curious about emerging threats and excited by the challenges of blockchain security
* Committed to excellence, with a strong sense of ownership and a drive to build secure systems that scale

What You’ll Actually Be Doing:

* Mentor, coach, and educate developers on secure coding through workshops, training sessions, pair reviews, and ongoing guidance
* Lead and scale a Security Champions program embedded within engineering teams
* Facilitate threat modeling sessions and design reviews, partnering with teams early in the process to improve security outcomes
* Collaborate with engineering leadership to ensure secure architecture patterns, API security practices, and design principles are built in from day one
* Integrate and tune developer-friendly AppSec guardrails into CI/CD pipelines (SAST, SCA, IaC, secret scanning) while minimizing noise for developers
* Translate vulnerabilities into clear, actionable remediation guidance that developers can easily implement
* Support security awareness across engineering by building engaging internal content, best-practice playbooks, and reusable patterns
* Partner with compliance teams to produce documentation and SDLC evidence supporting FFIEC, PCI DSS, and SOC 2 requirements
* Stay current on emerging threats, developer tooling, and secure engineering patterns — sharing insights regularly with the team


Why You’ll Love Working Here:

* Flexible hybrid model: 3 days a week in the office
* ₪1,000 net monthly wellness benefit – from therapy to Pilates to your kid’s art class
* Full Keren Hishtalmut, private health & dental insurance
* Donation matching, volunteering days, team outings, and mentorship programs
* A mission-driven culture that values ownership, trust, and meaningful impact

Next Step:
Hit Apply!

we are looking for an experienced and proactive Senior IT Systems Engineer to join our growing IT team.
This role will be pivotal in managing our modern, cloud-first infrastructure with a focus on Azure, AWS, Office 365, Intune, and enterprise security platforms. The ideal candidate is a senior-level engineer who thrives on automation, scalability, and supporting a dynamic, hybrid workforce.
Key Responsibilities:
Design, manage, and secure systems across Azure, AWS, Office 365, and Docker-based environments.
Oversee device management policies and compliance via Microsoft Intune across Windows, macOS, and mobile platforms.
Lead onboarding and offboarding workflows, integrating automation and security best practices.
Develop self-service solutions and automated workflows for IT operations using tools like PowerShell, Python, Azure CLI, AWS CLI, and code/no-code platforms (e.g., Workato, Torq).
Administer Entra ID (Azure AD), including conditional access, MFA, and role-based access control (RBAC).
Enforce endpoint and cloud security using CrowdStrike, firewalls, and Cato Networks, and conduct routine audits.
Troubleshoot and manage complex network environments, VPNs, and cloud-based firewalls.
Provide advanced technical support and guidance to internal IT and service desk teams.
Maintain comprehensive documentation and mentor junior staff.

As a Network and Security Engineer, you will:
Design, implement and manage complex enterprise networks (LAN, WAN and WLAN)
Configure and maintain switches, routers and layer 3 devices from major vendors
Deploy and manage network security solutions, including firewalls, WAFs and load balancers
Monitor network performance and proactively resolve performance bottlenecks and security risks
Troubleshoot complex routing and switching issues (OSPF, BGP, EIGRP, VLANs and VRFs)
Maintain documentation and diagrams for network architecture and configurations.

Required IR Engineer
Were looking for a hands-on incident response expert thats passionate about investigating real threats, building scalable detections, and improving automation across modern cloud-native environments. This is a high-impact role within our security group, ideal for someone who thrives on both investigation and building long-term solutions. In your day-to-day, youll:
Investigate complex security incidents in cloud (AWS/GCP), containerized (Kubernetes), and endpoint environments
Design and maintain detection rules and anomaly-based logic to identify emerging threats in production systems
Automate forensic evidence collection and response actions across diverse platforms and services
Collaborate with SOC analysts, Security Architects, and Engineering teams to improve detection coverage and data visibility
Lead incident retrospectives and document technical findings, response steps, and process improvements
Develop and maintain investigation playbooks, chain-of-custody protocols, and sprint-based IR deliverables
Participate in on-call rotations and contribute to incident readiness exercises and escalation protocols.

Required Security Engineer - GRC
Job Description
As an AI native GRC Engineer, you will be a key business enabler, ensuring the organization operates effectively, fast, and securely. You will design and maintain cybersecurity tools while leading SaaS security and supply chain initiatives including SSPM, vendor assessments (TPRM), and NHI monitoring. By mitigating risks in software dependencies and collaborating across IT and Business teams, you will bridge the gap between robust security and operational velocity, driving actionable plans for growth.
In your day-to-day, you will:
Deploy and configure security tools, AI tools, processes, and flows to drive efficiency across GRC processes.
Build integrations using APIs and webhooks to streamline GRC workflows
Monitor real-time activity across sensitive business applications, identifying misconfigurations, incorrect permissions, and policy violations.
Collaborate with IT teams and business stakeholders to address security weaknesses and ensure alignment with security standards and company policies
Define automation processes to streamline detection and remediation of security gaps in sensitive applications and third-party integrations .
Identify risks related to third-party integrations, automating their discovery and mitigation to minimize exposure across the SaaS environment.

You will work closely with our R&D and Product teams to identify, mitigate, and prevent security risks throughout the software development lifecycle (SDLC). As a senior engineer, you will own security initiatives, mentor developers on security best practices, and play a key role in shaping the security posture of products.

The ideal candidate is highly motivated, eager to learn, and has a security by design mindset. This role provides career growth opportunities, enabling you to deepen your expertise in AppSec, DevSecOps, and cloud security.

What you'll do:

Partner with development and product teams to integrate security best practices into the SDLC
Lead threat modeling and architecture security reviews to proactively identify and mitigate risks
Conduct security assessments, including code reviews, vulnerability scans, penetration testing, and secure product design reviews
Stay up to date with emerging security threats, vulnerabilities, and industry trends, ensuring remains ahead of evolving risks.
Support and contribute to security incident response activities, including root cause analysis and post-incident improvements
Automate security processes and integrate security tools within CI/CD pipelines
Develop and deliver secure coding training to engineering teams

We are looking for a Security Engineer to join our team and take full ownership of security tooling and infrastructure. This is a hands-on role with broad responsibility across operational security, platform evaluation, and security-by-design practices.

Youll be responsible for maintaining, improving, and supporting all security tools and platforms; leading evaluations of new technologies; managing internal security review processes; and contributing to infrastructure and product design decisions.

This role demands strong technical expertise and the ability to balance strategic thinking with tactical execution in a fast-moving environment.

Location: Ramat Gan, Israel (hybrid model)

What will you do?

Own and maintain the companys security tooling stack, including endpoint protection, DLP, identity systems, email security, and cloud posture tools.
Monitor cloud and SaaS environments, handle security alerts and misconfigurations, and support day-to-day security operations.
Participate in incident response, including triage, documentation, and post-incident reviews.
Lead security evaluations of new platforms and tools, from technical assessment through internal review and approval.
Drive end-to-end implementation of security solutions, from PoC to production rollout.
Collaborate with IT, Engineering, and DevOps to embed security into system design, identify monitoring gaps, and improve detection capabilities.

Were looking for a hands-on Infrastructure Security Engineer to own and secure our hybrid infrastructure and help us stay ahead of evolving threats.

Your mission:
Secure and operate hybrid infrastructure across Azure, AWS, and on-prem data centers.
Identify, assess, and mitigate vulnerabilities in Windows, Linux, and network layers.
Configure and manage security controls: Defender for Cloud, Defender for Endpoint, WAFs, Firewalls, Switches.
Investigate and respond to SOC alerts, perform root cause analysis, and mitigate advanced threats.
Enforce security policies, patching, and compliance (GDPR, SOC2).
Partner closely with Infra, IT, and Security teams to design and improve secure architectures.
Evaluate and introduce next-gen security platforms aligned with business needs.

We are looking for a Security Engineer to join us. In this role, you will take part in securing our companys production environments across network, data, and AI domains. You will work closely with SRE, DevOps, platform, and internal security teams to design, operate, and continuously improve security controls, reduce risk, and strengthen our detection and response capabilities in a fast-growing, cloud-native environment.
Responsibilities
Support, maintain, and operate network, data, and AI security controls across our companys production environments, and continuously improve protection, detection, and response capabilities.
Design, implement, and troubleshoot network security mechanisms, including segmentation, access controls, and traffic inspection, to reduce attack surface and lateral movement.
Secure sensitive data and databases by enforcing encryption, permissions, and access governance, auditing, and monitoring to prevent data leakage and misuse.
Identify security risks related to AI systems, data pipelines, and inference services, and help define controls to protect models, training data, and AI-driven workflows.
Collaborate with engineering, SOC, and platform teams to identify high-risk assets, abuse scenarios, and attack paths, and translate them into actionable security controls and detections.
Support incident response activities by serving as an escalation point for complex network, data, and AI-related security incidents.
Contribute to improving security visibility, detection logic, and response processes, including documentation and knowledge sharing across the Cyber Defense Group.

Were looking for a Threat Engineer to assess and develop our state-of-the-art detection solution. In this role, you will own the security coverage of our detection platform and guide development to strengthen our customers' resilience to emerging unknown threats. Your expertise in cyber security will drive our true AI-driven detection platform.
The Responsibilities
Work closely with developers and data scientists to produce AI detection models.
Apply your cyber expertise to investigate emerging threats and define technical requirements to mitigate them.
Continuously assess and evaluate security coverage and false-positive rates.
Architect and build scalable solutions for evaluating the platform security metrics.
Bring your excellent interpersonal skills to foster collaboration and maintain a positive attitude within the team.

Were hiring a Senior Security Engineer to help shift security left across product and platform teams, while also supporting internal corporate security needs. Youll drive impact through enablement, automation, and practical risk reduction.
Why this role matters?
Youll secure both what we build and how we work. That means embedding security into our products and CI/CD, and also supporting internal teams.
Security here is not a gate; its a force multiplier. Youll help engineering teams move faster safely, and ensure our colleagues have a secure foundation to do their best work.
Success means faster, safer releases and fewer reactive security escalations.
What will you do?
As a Senior Security Engineer, your mission will be to:
Partner with developers to embed security into design, build, and deploy stages
Automate vulnerability triage and mitigation flows
Secure CI/CD pipelines (GitHub, Jenkins) and execution environments (Kubernetes, Docker)
Tune WAFs, manage cloud security (AWS, GCP, Azure), and evolve Terraform practices
Support internal teams with secure production accesses, endpoint hardening, and access policies
Lead security reviews across app, infra, and corporate environments
Advocate for security standards with clarity and empathy
The Team Environment:
Youll join a cross-cultural, globally distributed security team that thrives on collaboration, curiosity, and continuous learning. We bring together a wide range of experiences and backgrounds to solve meaningful problems.
We support each other through knowledge sharing sessions, workshops, and async collaboration. Youll have the chance to attend industry conferences, participate in internal guilds, and continuously sharpen your skills using our dedicated security training platform.
How we work:
Autonomy with alignment: own your work, stay connected to purpose
Bias for action: ship, learn, improve
Enablement mindset: security exists to empower teams, not slow them down
Simple and pragmatic: perfect is the enemy of shipped
Please submit your CV in English.

We are seeking a highly skilled and experienced Windows Internals Team Leader to lead a specialized attack team focused on developing offensive, production-ready attack capabilities. This is a research and development (R&D) role at the core of our offensive security efforts. You will be responsible for architecting and delivering advanced low-level attack components used in evasion techniques, red team tooling, and adversary simulations.

You will be hands-on in both leadership and development, guiding technical direction, mentoring engineers, and contributing code across kernel-mode and user-mode components.

The Impact You Will Have

Lead the design, development, and deployment of production-grade offensive capabilities targeting Windows systems
Develop low-level Windows components including kernel-mode code, user-mode loaders, and OS-level evasion mechanisms
Implement Python bindings to connect native low-level components with Python-based research tools and automation
Debug complex issues in both kernel and user space using tools such as WinDBG and KD
Research and develop bypass techniques for modern Windows security controls
Collaborate with the Research Team and other R&D stakeholders to implement and refine offensive concepts
Provide technical mentorship and drive engineering best practices within the team