לוח משרות דרושים הייטק אבטחת מידע / סייבר

Required Application Security Engineer
What is this opportunity?
As the Application Security Engineer, you will be responsible for integrating and maintaining robust security practices throughout the entire application development lifecycle. You will work closely with cross-functional teams including Software Engineering, DevOps and Product.
This role requires a security-minded professional who has deep experience in cloud-based architectures and is excited about building secure and scalable solutions.
How will you contribute?
Secure Software Development Lifecycle (SSDLC)- Collaborate with developers to integrate security best practices into all stages of the SDLC. Conduct secure code reviews, threat modeling, and vulnerability assessments.
Application Security Testing- Implement and manage SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools. Continuously monitor, track, and resolve identified vulnerabilities.
Cloud Security & Infrastructure- Work with DevOps/Infrastructure teams to secure cloud environments, including containerized workloads, CI/CD pipelines, and serverless functions. Configure and maintain cloud security best practices.
Security Architecture & Design- Collaborate on the design of new applications and features, advising on secure architecture patterns, encryption mechanisms, and identity & access management. Develop and maintain security reference architectures and technical standards.
Automation & Continuous Improvement- Identify opportunities to automate security checks and policy enforcement within the CI/CD pipeline. Research and recommend new security tools, technologies, and processes to enhance the security posture of the organization.

Provide strategic and technical leadership for a team of managers and senior technologists developing the core datapath components of our cloud-native cybersecurity platform.
Own the delivery and lifecycle of multiple complex projects from architecture to deployment ensuring high performance, scalability, and security.
Define project scopes, goals, schedules, and resource plans; manage execution, mitigate risks, and ensure alignment with business priorities.
Drive technical problem solving, system reliability, and product quality improvements across the organization.
Collaborate closely with peer organizations (product management, customer support, and cross-functional engineering teams) to align goals and ensure end-to-end system success.
Stay ahead of industry trends, cloud advancements, and cybersecurity technologies; promote a culture of technical innovation and operational excellence.
Mentor, coach, and develop team members; build a high-performing, collaborative engineering culture.
Communicate program status, key challenges, and strategic insights to senior leadership and stakeholders.

Analyses the feature specifications and determines the required coding, testing, and integration activities.
Designs and develops moderate to complex cloud application modules per feature specifications adhering to security policies.
Identifies debugs and creates solutions for issues with code and integration into application architecture.
Develops and executes comprehensive test plans for features adhering to performance, scale, usability, and security requirements.
Deploy cloud-based systems and applications code using continuous integration/deployment (CI/CD) pipelines to automate cloud applications' management, scaling, and deployment.
Contributes towards innovation and integration of new technologies into projects.
Analyzes science, engineering, business, and other data processing problems to develop and implement solutions to complex application problems, system administration issues, or network concerns.

helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, had revenue of $5.00 billion in fiscal 2024. For more information,
In one sentence
Cyber Security is looking for a GRC Analyst to join the Cyber GRC Team.
As a GRC Analyst, you will ensure that adheres to cyber security standards and policies. This role involves building and promoting mitigation plans, developing and implementing governance frameworks and routines, and ensuring compliance with regulatory requirements.
What will your job look like?
You will oversee the companys risk management processes and build mitigation plans for identified risks.
You will work with business stakeholders, leading communication processes.
You will develop and implement corporate governance frameworks, rules, and procedures to ensure compliance with organizational and ethical standards.
You will lead ongoing compliance audits for relevant standards (e.g., ISO27001, SOC2 Type 2), including preparation for relevant focals, managing relevant evidence, following up on findings, and ensuring timely fixes by owners.

With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our approximately 30,000 employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, had revenue of $4.89 billion in fiscal 2023.

In one sentence
As Information Security Architect specializing in securing CI/CD and R&D processes, you will ensure secure dev practices and tool policies are up to date,
be in charge of product security threat modeling based on external standards and practices (OWASP, NIST, CIS), and be in charge of secure coding practices.
What will your job look like?
You will be in charge of conducting threat analysis and design review of complex products.
You will need to provide In-depth knowledge of software security design consideration from End-to-End security perspective.
You will be in charge of the security development policies, updated to the new world of GenAI
You will be in charge of the secure coding practices, to make sure every role in the organization adheres to security standards
You will be exploring new trends and standards, conducting POCs with different InfoSec teams (DevSecOps, PenTest)

The position includes multiple challenging aspects, such as creation of detection analyses, attack scenarios research, team capabilities developments, client interactions, and in-depth investigation, which include host forensics work in both Windows and Linux systems, and cloud environments (e.g., AWS, GCP and Azure).



Main Responsibilities

Perform Post-Breach monitoring activities in global clients environment including in-depth triage of alerts and host forensics analysis.
Develop out-of-the-box and tailor-made analyses and detection to monitor the clients environment, often based on known threat actor tactics, techniques and procedures. This work may include research activities to support the detection development.
Support major Incident Response engagements with accurate detection after a potential active threat actor in the clients network.
Work on maintaining the necessary visibility and log forwarding for the ongoing monitoring engagements, including host-based data, Cloud environments, network devices, etc.
Apply proactive threat hunting approach in ongoing monitoring engagements, including forensic host and network-based analysis, malware hunt and wide IOC searches.
Develop capabilities and automations for alerts handling, triage and escalation, visibility maintenance, reporting, and more.
Onboard new customers by assessing their security posture, tailoring monitoring systems to their environment, and integrating their security frameworks into our services.
Often work alongside global clients security personnel when providing regular updates and following-up on alerts and security events.
Generate and provide reports and metrics on actionable data: incidents, weekly aggregation/trending, follow up procedures, visibility status, etc.

Cyber threats are constantly growing in volume, velocity and sophistication. When an organization is confronted with an advanced attack, it needs the strongest capabilities on its side. In many cases, an incident response engagement is in fact a battle within a network. The operational art, experience, focus, and speed of response teams can mean the difference between a minor blow, and a devastating impact on an organizations performance and reputation.

The Incident Response Director will be key to the success of Incident Response projects worldwide, and should possess strong leadership and client-facing skills, be highly technical and thrive in a fast-paced and dynamic environment.

Main Responsibilities

Lead multiple teams of top-tier cyber security researchers and forensic experts responding to large-scale and complex cyber-attacks globally, beating real-world sophisticated threat actors.
Become a trusted advisor for client executives during incidents, and the main escalation point for crisis management.
Oversee all client-facing engagements within the EMEA region, assuring top quality delivery standards.
Train, guide and empower team leaders and team members, enhancing their technical, managerial, and consulting skills.
Support efforts to generate new business, by creating professional content and attending events, conferences and client meetings.
Be part of the management group Sygnias global IR department, lead and take part in cross-company projects and cooperations.

Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.

Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.

Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.

Utilize and develop tools and methodologies to improve Sygnias existing investigative and hunting technological stack.

Collaborate with IT and Security teams during investigations.

Generate and present a comprehensive and professional report of findings from investigations.

The Incident Response Team Leader will be key to the success of Incident Response projects worldwide, and should possess strong leadership skills, be highly technical and thrive in a fast-paced and dynamic environment.

Main Responsibilities

Lead a team of top-tier cyber security researchers and forensic experts conducting assessments and in-depth analysis in complex investigations, as well as security assessments.

Guide and empower team members, enhancing their technical and research skills.

Lead client-facing projects including incident response and hunting efforts for large-scale sophisticated attacks, to contain and defeat real-world cyber threats.

Collaborate and work with clients IT and Security teams during investigations.

Design and improve internal incident response technologies, methodologies, and processes.

This executive role sits at the core of Cyber Security Services group and reports directly to the SVP Cyber Security Services. The VP will also serve as a member of the Services Management Team, contributing to the strategic direction and operational quality of service delivery. 

 

Main Responsibilities: 

Lead global Incident Response operations, overseeing global IR teams and ensuring standards are upheld in all engagements. 
Act as the executive escalation point for critical incidents, providing high-level guidance to C-level executives and board-level stakeholders under active attack. 
Define and execute the strategic direction of IR practices, aligning with evolving threat landscapes, client needs, and business objectives. 
Advance global IR methodologies, tools, and standards, ensuring they scale effectively and maintain the highest quality across all regions and client engagements. 
Ensure consistent, high-end service, including adaption of local market approaches to regulatory environments as needed. 
Shape the leadership culture within the IR organization by mentoring regional leads, aligning global talent development with strategic goals, and driving excellence through empowerment and accountability. 
Represent at executive briefings, industry events, and client meetings; contribute to global business development and thought leadership efforts. 
Collaborate closely with peers in the Services Management team to drive cross-functional alignment, innovation, and efficiency across all service lines. 

As a Cyber Security Engineer in a fast-expanding operation team, you will be responsible for onboarding new global clients to the MXDR services, developing and maintaining detection scenarios and alerts, analysing the client's environment, and providing technical support and guidance to clients. To excel in this role, you will demonstrate strong technical aptitude, dedication to delivering high-quality work, and a cooperative approach to teamwork.



Main Responsibilities:

Lead the onboarding process for all new clients joining the MXDR services, working closely with the clients IT and security teams to ensure smooth implementations.
Develop detection scenarios and alerts for XDR solution (Velocity) to ensure effective threat detection and response.
Oversee Velocity KPIs and measurements set by the client, adjusting, analyzing and maintaining them according to their needs and tracking the impact of the platform on the client's networks, endpoints, applications, and cloud environments.
Continuously improve Velocity monitoring capabilities and keep up-to-date with the latest developments in the cyber threat landscape.
Provide technical support and guidance to clients on Velocity security-related issues, including implementing security best practices and ensuring compliance with industry standards.

we are looking for a MXDR Analyst to join the team of cybersecurity analysts monitoring services 24/7, tiers 1-2. The role includes development of detection analyses, triage of alerts, investigation of security incidents, proactive threat hunting and enhancement of sensors and overall visibility status. The suitable candidate should be a team player with previous experience in SOC, SecOps or security monitoring, independent, and with a can-do attitude.



Responsibilities

Working across all areas of SOC, including continuous monitoring and analysis, threat hunting, security compliance, security event auditing and analysis, rule development and tuning, and forensics.
Solving security incidents in accordance with defined service level agreements and objectives.
Prioritizing and differentiating between potential incidents and false alarms.
Addressing clients enquiries via phone, email, and live chat.
Working side-by-side with customers, providing insightful incident reports.
Working closely with peers and higher-tier analysts to ensure that your analysis work meets quality standards.
Identifying opportunities for improvement and automation within the MXDR Operation Lead, and leading efforts to operationalize ideas.
Identifying and offering solutions to gaps in current capabilities, visibility, and security posture.
Correlating information from disparate sources to develop novel detection methods.

The Software Engineering team delivers next-generation application enhancements and new products for a changing world. Working at the cutting edge, we design and develop software for platforms, peripherals, applications and diagnostics all with the most advanced technologies, tools, software engineering methodologies and the collaboration of internal and external partners.
Join us as a Software Principal Security Engineer on our Software Engineering team in Herzliya to do the best work of your career and make a profound social impact.
What youll achieve
As a Principal Software Security Engineer, you will be a key leader in designing, implementing, and maintaining robust security solutions for our complex, multi-component systems, ensuring the confidentiality, integrity, and availability of sensitive data. You will play a critical role in protecting our customer data and intellectual property from evolving cyber threats.
You will:
Lead Security Design: Architect and design secure software solutions for complex systems, incorporating secure coding practices, cryptography, and network security principles.
Work with a global team on refining requirements and solutions for secure product development
Leading and Contributing to the development and implementation of these secure strategies for complex software products and systems/for storage products and systems

As a Security Researcher, you will be responsible for conduct in-depth research and analysis of new threats and vulnerabilities in the blockchain space and develop tools and systems to detect and mitigate security risks in real-time. Youll work closely with our engineering and product teams to develop security strategies, detect and mitigate exploits, and enhance our on-chain security platform. While prior Web3 experience is an advantage, we welcome applicants with a solid security research background looking to break into blockchain security.

Key Responsibilities:
Conduct in-depth security research on blockchain protocols, smart contracts, and decentralized applications.
Identify and analyze security vulnerabilities, exploits, and attack vectors in Web3 protocols.
Collaborate with the engineering team to integrate detection capabilities into our on-chain exploit detection system.
Create proof-of-concept (PoC) exploits and simulations to help test and validate threat scenarios.
Stay current with emerging threats, new technologies, and industry best practices in information security.