The role

Nebius is looking for a highly technical, hands-on SIEM Engineer Lead to design, implement, and optimize advanced Security Information and Event Management (SIEM) capabilities. This role is responsible for developing detection strategies, improving security visibility, and driving automation across security operations processes. The ideal candidate will combine deep SIEM expertise with strong analytical and engineering skills to enhance threat detection, incident response efficiency, and security monitoring maturity. This is not a people management position, you will provide technical guidance, mentorship, and direction to SOC analysts, security engineers, and cross-functional teams

You’re welcome to work in our offices in Tel Aviv.

Your responsibilities will include: 

• Architect, deploy, and maintain enterprise SIEM platforms and related security monitoring infrastructure.
• Develop and optimize detection rules, correlation logic, and alert mechanisms to identify security threats and anomalous activity.
• Design and implement log ingestion pipelines, normalization, and enrichment processes across diverse data sources.
• Continuously improve detection coverage by analyzing threat intelligence, attacker techniques, and emerging vulnerabilities.
• Create and maintain dashboards, reports, and metrics to support security visibility and operational decision-making.
• Drive automation of security monitoring and response workflows using scripting, APIs, and orchestration tools.
• Perform tuning and performance optimization of SIEM platforms to ensure scalability and reliability.
• Conduct threat hunting activities and support complex security investigations using SIEM data.
• Collaborate with engineering, infrastructure, and security stakeholders to integrate new log sources and telemetry.
• Develop documentation, standards, and best practices for SIEM configuration, logging, and detection engineering.
• Create APIs and interfaces that enable AI agents to query SIEM, pull evidence, and execute actions

We expect you to have: 

• 5+ years of experience in cybersecurity with strong focus on SIEM engineering or security monitoring.
• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Elastic, or similar.
• Strong knowledge of log analysis,event correlation, and detection engineering.
• Experience with data pipelines, log parsing, and schema design.
• Experience with SOAR platforms and security automation.
• Experience with scripting or programming (e.g., Python, PowerShell, Bash) for automation and integrations.
• Solid understanding of network protocols, operating systems, cloud environments, and common attack techniques.
• Familiarity with frameworks such as MITRE ATT&CK, NIST, or CIS for detection mapping and security controls.
• Experience integrating threat intelligence and security tools with SIEM platforms.
• Knowledge of cloud logging and monitoring (AWS, Azure, GCP).
• Strong knowledge of Kubernetes architecture and security concepts
• Experience with Terraform, CI/CD pipelines and Detection as code workflow

It will be an added bonus if you have: 

• Experience building and deploying LLM-based AI agents
• Experience in transitioning from manual SOC to AI-augmented operations.
• Relevant security certifications
• Certification in cloud computing, including administration, development, engineering, or architecture.
• Knowledge of AI safety and reliability - guardrails, validation, human oversight mechanisms

Now we’re looking for a visionary Automation Engineer to join our Automation teams. As a member of this team, you will be responsible for the design, implementation, and maintenance of Automated tests. Our Automated tests cover various aspects of the product, including complex networking topology, traffic, security rules, Users authentication scenarios and mobile applications interacting deeply with the operating system. 

Responsibilities 

• Design and develop automation solutions for mobile applications, including end-to-end scenarios across backend, network, and device layers  

• Build, configure, and maintain mobile testing environments (emulators, simulators, and physical devices), including CI-integrated mobile labs  

• Develop automation for applications that integrate with mobile OS capabilities (e.g., VPN configuration, system extensions, network controls, background services) 

• Evaluate and integrate AI-driven solutions into the automation workflow, improving productivity, reliability, and insight generation 

• Leverage AI-based tools and techniques to enhance test automation, including test generation, failure analysis, and optimization of test coverage and execution 

• Cope with complex code along with quality standards and best practices. 

• You will be expected to come up with initiatives regarding Automation infrastructure and tools. 

• You will work with other Automation teams, as part of cross-teams Automation efforts to achieve code reuse and unified standards in code, tools, and processes. 

• You will take part in planning and implementing non-functional testing aspects of product management modules. 

• Collaborate with development and product teams to ensure high-quality delivery of mobile and networking features 

Requirements 

• 5+ years of experience implementing automated tests for multi-layered products 

• Strong coding skills in Java/Phyton or another object-oriented language  

• Hands-on experience with mobile testing (iOS and/or Android)  

• Experience with mobile automation frameworks (Appium, Espresso, XCUITest, or similar)  

• Experience testing applications with deep OS integration (e.g., VPN, networking, system extensions)  

• Experience building and maintaining mobile test environments (emulators, real devices, CI integration)  

• Practical experience using AI-based tools to improve software development or test automation workflows (e.g., test generation, code assistance, failure analysis, or test optimization) 

• Strong debugging and troubleshooting skills  

• Ability to work independently and drive tasks end-to-end 

• Experience with device farms or cloud-based mobile labs  

• Knowledge of networking protocols (TCP/IP, DNS, HTTP, TLS, etc.)  

• Experience with VPN clients, proxies, or endpoint security solutions  

• Experience with CI/CD tools (Jenkins, Git)  

• Experience with ESX / virtualization 

About Us

Riskified empowers businesses to unleash ecommerce growth by taking risk off the table. Many of the world’s biggest brands and publicly traded companies selling online rely on Riskified for guaranteed protection against chargebacks, to fight fraud and policy abuse at scale, and to improve customer retention. Developed and managed by the largest team of ecommerce risk analysts, data scientists and researchers, Riskified’s AI-powered fraud and risk intelligence platform analyzes the individual behind each interaction to provide real-time decisions and robust identity-based insights. Riskified is proud to work with incredible companies in virtually all industries including Booking.com, Acer, Gucci, Lorna Jane, GoPro, and many more.

We thrive in a collaborative work setting, alongside great people, to build and enhance products that matter. Abundant opportunities to create and contribute provide us with a sense of purpose that extends beyond ourselves, leaving a lasting impact. These sentiments capture why we choose Riskified every day. 

About the Role

As a Site Reliability Engineering (SRE), you’ll join a high-impact R&D team and own the infrastructure that powers Riskified’s real-time decisions. You’ll tackle challenges of architecture, scale, and reliability by designing, building, and operating cloud-native systems, and by extending the tooling that enables fast, safe delivery at scale.

At Riskified, we review millions of transactions daily and make sub-second decisions that sit in the heart of our customers’ critical business flow. We collect and analyze terabytes of textual, behavioral, social, geographical, and other data, using machine learning algorithms to power one of the world’s leading fraud-prevention platforms.

We believe great engineers and tight collaboration are the keys to scale and innovation. Our team is highly innovative and quick to adopt cutting-edge technologies (for example, EKS at scale, Karpenter, Istio, Argo CD, Graviton, Kyverno, advanced observability, and Cloudflare edge patterns).

What You'll Be Doing

• Design, build and manage our development and production cloud-native infrastructure in AWS 
• Establish and evolve standards for microservices (IaC modules, Helm charts, policies)
• Build and maintain our product release workflow and continuous integration/delivery systems
• Continuously improve Riskified’s visibility into its systems and applications with advanced monitoring, metrics, and log analytics, analysis
• Understand, implement, and automate security controls, governance processes, and compliance validation
• Play a key role in product planning and execution
• Develop internal tools that remove friction and boost developer productivity.
• Continuously evaluate and introduce new technologies to improve performance, reliability, and developer velocity

Qualifications

• At least 5 years prior experience as a SRE/DevOps
• Deep cloud experience (preferably AWS) and strong Infrastructure as Code skills
• Must have cloud-native proficiency, including Kubernetes in production, familiarity with a service mesh (for example, Istio or Linkerd), and provisioning tools (for example, Karpenter)
• Observability expertise with modern monitoring and log analytics 
• At least 1 year of programming experience or the ability to demonstrate strong programming proficiency
• Experience with Build/Deploy/Continuous Integration tools
• Ability to prioritize tasks and work independently
• Experience in Go or Node.js (huge advantage).
• History of open-source involvement (issues, pull requests, talks, or meetups) (advantage).

Life at Riskified

We are a fast-growing and dynamic tech company with 750+ team members globally. We value collaboration and innovative thinking. We’re looking for bright, driven, and passionate people to grow with us.

Our Tel-Aviv team is currently working in a hybrid of remote and in-office work. We have recently moved to our new space in Tel Aviv - check it out here! 

Some of our Tel Aviv Benefits & Perks:

• Equity for all employees, Keren Hishtalmut, pension
• Private medical insurance, extra time off for parents and caregivers
• Commuter and parking benefits
• Team events, fully-stocked kitchen,lunch stipend, happy hours, yoga, pilates, functional training, basketball, soccer
• Wide-ranging opportunities to volunteer and make an impact
• Commitment to your professional development with global onboarding, skills-based courses, full access to Udemy, lunch & learns
• Awesome Riskified gifts and swag! 

In the News

Geektime: Riskified Goes Public

Walla!: Happy Hour at the Riskified Offices

Geektime Insider: A look at Riskified Tel Aviv

Globes: Riskified to contribute the highest amount up to date to Tmura

Globes: Riskified is among Israel’s fastest growing companies 

TechCrunch: Riskified Prevents Fraud on Your Favorite E-commerce Site

Riskified is deeply committed to the principle of equal opportunity for all individuals. We do not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, or any other status protected by law.

About Us

Riskified empowers businesses to unleash ecommerce growth by taking risk off the table. Many of the world’s biggest brands and publicly traded companies selling online rely on Riskified for guaranteed protection against chargebacks, to fight fraud and policy abuse at scale, and to improve customer retention. Developed and managed by the largest team of ecommerce risk analysts, data scientists and researchers, Riskified’s AI-powered fraud and risk intelligence platform analyzes the individual behind each interaction to provide real-time decisions and robust identity-based insights. Riskified is proud to work with incredible companies in virtually all industries including Booking.com, Acer, Gucci, Lorna Jane, GoPro, and many more.

We thrive in a collaborative work setting, alongside great people, to build and enhance products that matter. Abundant opportunities to create and contribute provide us with a sense of purpose that extends beyond ourselves, leaving a lasting impact. These sentiments capture why we choose Riskified every day. 

About the Role

As a DevOps Engineer, you’ll join a high-impact R&D team and own the infrastructure that powers Riskified’s real-time decisions. You’ll tackle challenges of architecture, scale, and reliability by designing, building, and operating cloud-native systems, and by extending the tooling that enables fast, safe delivery at scale.

At Riskified, we review millions of transactions daily and make sub-second decisions that sit in the heart of our customers’ critical business flow. We collect and analyze terabytes of textual, behavioral, social, geographical, and other data, using machine learning algorithms to power one of the world’s leading fraud-prevention platforms.

We believe great engineers and tight collaboration are the keys to scale and innovation. Our team is highly innovative and quick to adopt cutting-edge technologies (for example, EKS at scale, Karpenter, Istio, Argo CD, Graviton, Kyverno, advanced observability, and Cloudflare edge patterns).

What You'll Be Doing

• Design, build and manage our development and production cloud-native infrastructure in AWS 
• Establish and evolve standards for microservices (IaC modules, Helm charts, policies)
• Build and maintain our product release workflow and continuous integration/delivery systems
• Continuously improve Riskified’s visibility into its systems and applications with advanced monitoring, metrics, and log analytics, analysis
• Understand, implement, and automate security controls, governance processes, and compliance validation
• Play a key role in product planning and execution
• Develop internal tools that remove friction and boost developer productivity.
• Continuously evaluate and introduce new technologies to improve performance, reliability, and developer velocity

Qualifications

• At least 5 years prior experience as a SRE/DevOps
• Deep cloud experience (preferably AWS) and strong Infrastructure as Code skills
• Must have cloud-native proficiency, including Kubernetes in production, familiarity with a service mesh (for example, Istio or Linkerd), and provisioning tools (for example, Karpenter)
• Observability expertise with modern monitoring and log analytics 
• At least 1 year of programming experience or the ability to demonstrate strong programming proficiency
• Experience with Build/Deploy/Continuous Integration tools
• Ability to prioritize tasks and work independently
• Experience in Go or Node.js (huge advantage).
• History of open-source involvement (issues, pull requests, talks, or meetups) (advantage).

Life at Riskified

We are a fast-growing and dynamic tech company with 750+ team members globally. We value collaboration and innovative thinking. We’re looking for bright, driven, and passionate people to grow with us.

Our Tel-Aviv team is currently working in a hybrid of remote and in-office work. We have recently moved to our new space in Tel Aviv - check it out here! 

Some of our Tel Aviv Benefits & Perks:

• Equity for all employees, Keren Hishtalmut, pension
• Private medical insurance, extra time off for parents and caregivers
• Commuter and parking benefits
• Team events, fully-stocked kitchen,lunch stipend, happy hours, yoga, pilates, functional training, basketball, soccer
• Wide-ranging opportunities to volunteer and make an impact
• Commitment to your professional development with global onboarding, skills-based courses, full access to Udemy, lunch & learns
• Awesome Riskified gifts and swag! 

In the News

Geektime: Riskified Goes Public

Walla!: Happy Hour at the Riskified Offices

Geektime Insider: A look at Riskified Tel Aviv

Globes: Riskified to contribute the highest amount up to date to Tmura

Globes: Riskified is among Israel’s fastest growing companies 

TechCrunch: Riskified Prevents Fraud on Your Favorite E-commerce Site

Riskified is deeply committed to the principle of equal opportunity for all individuals. We do not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, disability, veteran status, or any other status protected by law.

Role Overview

We are looking for a proactive Security Assurance Lead to advance our security program into a proactive "validate and verify" model. Your mission is to ensure our defenses aren't just present, but effective. In this hands-on technical role will own and manage testing, validating and reporting on our security posture, through automated testing against our controls, and ensure our security stack is optimized, integrated, and fully utilized.

Key Responsibilities

• Security Assurance Management: Define, orchestrate and drive the security assurance program from vision to full implementation.
• Continuous Control Validation: Design and execute automated testing (e.g., Breach & Attack Simulation) to verify that prevention and detection controls are functioning across cloud, SaaS and IT environments.
• Central Visibility Hub: Build and maintain a real-time Security Posture Dashboard. This hub will provide a single pane of glass for the coverage and health of our security stack.
• Tool Optimization & Efficacy: Review our existing security suite to ensure tools are properly configured, integrated, and delivering ROI. You will identify "blind spots" where tools are installed but not effectively monitoring or blocking.
• Offensive Testing Strategy: Coordinate regular external offensive testing cycles such as Penetration Testing, Phishing, etc. and translate "broken" controls and findings into actionable items.
• Operational Excellence: Define clear ownership, maintenance schedules, and lifecycle processes for all security technologies to prevent "tool rot."

Required Experience & Qualifications

• 8+ years experience of cybersecurity engineering and architecting (Infosec/DevSecOps).
• Proven technical capabilities in automation, scripting, AI, etc.
• Experience in offensive testing methodologies and practices such as penetration testing, red team exercises, etc.
• Strong understanding of breach simulation, continuous control monitoring (CCM) and technical validation concepts and methodologies.
• Strong understanding of:
• Cloud and SaaS security (WAF, CNAPP)
• Identity, access control, and infrastructure security (IDM, IDP, PAM)
• Endpoint and corporate IT security (EDR, DLP, SASE)

Required Skills & Attributes

• Self-directed architect: Able to take full ownership of the security assurance roadmap from initial design and selection to a working, breathing program.
• Authority without ego: Able to lead across departments without formal reporting lines. While you will operate independently, success is measured by your ability to partner with peers to achieve implementation and ongoing adherence.
• Critical thinking: Able to challenge, validate and verify, while maintaining trust and collaboration with peers and stakeholders.
• Strategic planning: Don’t just patch and quick fix, but ensure correct practices and procedures are developed to provide assurance over time.
• Executive communication: Clear, concise, and credible with senior leadership.
• Analytical thinking: Attention to details and ability to connect multiple dots into a concise and accurate picture.

Nice to Have

• Experience in crypto, fintech, or highly regulated financial environments
• Familiarity with the NIST Cybersecurity Framework (CSF) 2.0, Cloud Security Alliance (CSA) controls matrix, offensive security frameworks (MITRE), etc.

Required:

• 3+ in Windows desktop application development using Windows App SDK, WinUI (or similar), C#, XAML — and ideally additional experience with native Windows code (C++, Win32/WinRT/COM).
• Deep understanding of Windows application architecture, including interop between managed code (.NET) and native code.
• Proven track record of designing, building, and shipping production-quality desktop applications, with an emphasis on reliability, performance, scalability, and maintainability.
• Strong experience with accessibility APIs on Windows (e.g. Microsoft UI Automation or similar), and a dedication to building accessible and inclusive software.
• Excellent software engineering fundamentals: OOP, design patterns, data structures, algorithms, memory management, multi-threading or asynchronous programming (where relevant).
• Experience leading technical design, mentoring other engineers, conducting code reviews, and making architecture-level decisions.
• Strong communication skills; ability to articulate tradeoffs, collaborate with cross-functional teams, and drive consensus.
• A user-centric mindset: focus on building polished, intuitive, and accessible experiences for end users.

Preferred / Bonus:

• Experience with writing automated tests for UI — unit tests, integration tests, UI automation tests; familiarity with relevant testing frameworks.
• Experience with performance optimization for desktop apps (memory usage, startup time, rendering performance, high-DPI support, responsiveness under load).
• Experience with localization/globalization, right-to-left UI support, internationalization, accessibility for multiple regions.
• Familiarity with telemetry, analytics, crash reporting, logging, and error monitoring in desktop applications.
• Previous experience in shaping CI/CD workflows, release pipelines, and deployment strategies for desktop applications.
• Demonstrated ability to take ownership of feature areas or modules and drive them long-term, including maintenance, refactoring, and technical debt management.

What we offer

• A high-impact role: you will define architecture, shape the future of our Windows product, and directly influence what millions of users see and experience.
• A collaborative, flat-structure engineering culture — you are not just a coder, but a builder and a decision-maker.
• Opportunities to lead — mentor others, steer technical direction, and grow into broader technical leadership (e.g. Tech Lead, Architect).
• Flexibility, autonomy, and responsibility: you define how to solve problems, own features end-to-end, and contribute to long-term product vision.
• A purpose-driven mission: building software that’s reliable, accessible, and user-centered — making a real difference for people.                  

Think you’re a good fit for this job? 

Tell us more about yourself and why you're interested in the role when you apply.
And don’t forget to include links to your portfolio and LinkedIn.

Not looking but know someone who would make a great fit? 
Refer them! 

Speechify is committed to a diverse and inclusive workplace. 
Speechify does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Who we are:

Resident is an industry leader in the Direct-to-Consumer (e-commerce) space. While our customers are primarily based in the US, our R&D, Product, and Data teams have been operating out of Tel Aviv since our founding. Our mission is simple: we are building a best-in-class e-commerce platform that leverages data and technology to create a competitive advantage for our brands.  Starting from the marketing acquisition funnel and continuing through each customer’s journey, our tools and technology enable us to go the extra step to deliver a world-class customer experience.

Our company is built around continuously improving our ability to introduce new customers to our products and wow them with exceptional experiences through the shopping and post-purchase journey.  We love to use data and metrics to drive our decisions while keeping in mind that customers don’t speak in numbers and that each one should be treated as a member of our family. Oh, and by the way, you’ll get to work with a diverse group of experts around the globe. You can expect a hard-working team of people who understand how to create meaningful connections and get great work done virtually - it’s in our nature!

What we do:

Our DevOps team is responsible for the Resident platforms end-to-end, from cloud infrastructure to production delivery. We build and operate the systems that enable engineering teams to move fast and safely, while ensuring high standards of reliability, security, performance, and scalability. Through automation, strong architecture, and secure-by-design practices, we continuously improve how we deploy, monitor, and protect our production environments.

What you will be doing: 

As the sole DevSecOps owner within the DevOps team, you will take end-to-end responsibility for improving the security of our cloud and production environments. You will design and implement security controls across AWS/GCP- from hardening infrastructure and securing Kubernetes to ensure our platform stays secure as it scales.

You will work closely with cross-functional teams such as DevOps, R&D, Product, and Data to embed security into the way we build software. This role is ideal for someone who wants to make a real impact, takes ownership of cross-team initiatives, is curious and eager to learn, and enjoys driving improvements that raise the security bar across the company.

This is a hybrid role, requiring 2 days per week at our R&D site in Tel Aviv.

Responsibilities:

• Architect, implement, and maintain a strong security posture across cloud environments (AWS / GCP), aligned with best practices (CIS Benchmarks, Well-Architected Framework)
• Own and integrate automated security controls into CI/CD pipelines (SAST, DAST, SCA, container scanning), including tuning to reduce noise and enforce policy gates
• Secure Infrastructure as Code (IaC) and harden servers, services, and Kubernetes clusters
• Design and manage IAM, roles, policies, and secrets management to enforce Least Privilege
• Lead security initiatives around emerging technologies, including AI models, LLM integrations, and data pipelines
• Continuously monitor and drive remediation of vulnerabilities and security findings across the stack
• Partner with Developers and Data Engineers to embed security into the SDLC and strengthen security culture
• Support security operations, including incident response and root cause analysis

Qualifications:

• 3+ years of hands-on experience in DevOps, SRE, DevSecOps, or Cloud Security roles in production environments
• Strong ownership mindset with proven ability to lead initiatives end-to-end with minimal supervision
• Strong cloud security expertise (AWS or GCP preferred), including IAM, networking, and managed services
• Strong Linux fundamentals and hardening experience; scripting/automation skills in Python and/or Bash
• Solid experience with CI/CD pipelines (GitHub Actions, Jenkins, etc.) and container platforms (Docker, Kubernetes)
• Strong understanding of system architecture, REST APIs, and networking fundamentals (DNS, TCP/IP, load balancing)
• Strong knowledge of authentication and authorization mechanisms (OAuth, OIDC, SAML) and secure token/secret handling
• Hands-on experience implementing security scanning tools (SAST/DAST/SCA), including tuning and enforcing build-blocking when required
• Familiarity with security standards and best practices (OWASP Top 10, NIST, CIS)
• Exposure to AI/ML security and securing LLM integrations - major plus
• Strong English communication skills, with the ability to explain risk clearly to both technical and non-technical stakeholders
• Analytical thinker, with a proactive approach, who can prioritize effectively in a fast-paced environment

• Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
• Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
• Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the Wiz DAST engine.
• Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning Wiz as the market leader in vulnerability management.

• 1+ years of hands-on experience in AppSec or penetration testing, including proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
• Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP).
• Hands-on experience with Linux, Windows, Docker, Kubernetes, and a strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML).
• Proficiency in scripting languages such as Python, Bash, or Go to automate security tasks and interact directly with the codebase.
• An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
• Self-motivated with the ability to work collaboratively and communicate high-stakes security concepts effectively across teams.

• Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
• SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
• A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.

SUMMARY 

We're looking for a Security Engineer - Wiz Product to spread the power of Wiz. The ideal candidate will have experience performing security reviews, vulnerability management, and detection and response operations in cloud-native environments. You’ll get to collaborate with our software development and DevOps teams to secure Wiz’s products, CI/CD infrastructure, and production infrastructure. You’ll also have the opportunity to influence our product roadmap by utilizing Wiz-for-Wiz to assess, monitor, and harden our environments.   

WHAT YOU’LL DO 

• Lead threat modeling and security review exercises across Wiz’s production and CI/CD environments – identifying and mitigating risks in our products and the cloud services that support them  
• Drive vulnerability management and remediation efforts – prioritizing issues, implementing mitigations, and designing strategic preventative controls  
• Extend our detection and response capabilities – building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents   
• Collaborate with our Wiz Federal team – extending our DevSecOps and Product Security practices to Wiz’s FedRAMP environment and ensure it meets key security requirements 
• Build deep functional partnerships with Wiz’s engineering and operations teams – helping them deliver secure-by-design solutions  

WHAT YOU’LL BRING 

• 5+ years of experience in security engineering or security operations work in cloud environments, with a focus on a combination of the below:  
• AWS platforms and services (we will also consider equivalent experience in Azure and GCP)  
• Kubernetes (AWS EKS) and container infrastructure  
• IAM and managing cloud identities at-scale  
• Secure development and application of IAC solutions (Terraform, Helm)  
• Cloud-native observability and management tools  
• Experience with automation and tooling development in one or more: Python, Go, Shell, HCL, Rego

PREFERRED QUALIFICATIONS 

• Bachelor's degree in computer science or a related field and / or candidates with equivalent job experience in lieu of a degree  
• Experience working with remote, globally distributed teams   
• Experience working in organizations that develop software and / or operate managed infrastructure and technology services for their own customers    
• Experience with CNAPP, CSPM, or CIEM solutions

By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy and that you consent to the retention of your application for consideration for future opportunities at Wiz.

We’re looking for a team player with excellent interpersonal skills & service oriented. Creative & out of the box thinker. An autodidact, quick, effective and versatile who’s able to change directions in midstream. Independent & Accountable.

As a Senior DevSecOps Engineer at Payoneer, you’ll play a critical role in embedding security throughout the software development lifecycle (SDLC). You’ll help design, implement, and maintain security controls and automations across our CI/CD pipelines, infrastructure, and application stack.

What you'll do:

• Integrate and maintain security tools across the CI/CD pipeline:
  • SAST (e.g., SonarQube)
  • SCA (Software Composition Analysis) / Dependency Scanning (e.g., Snyk, Trivy, GitHub Dependabot)
  • Secret Detection (e.g., Gitleaks, HashiCorp Vault)
  • Container/Image Scanning (e.g., Aqua, Prisma Cloud, Trivy)
• Drive security automation and enforcement for:
  • Infrastructure as Code (e.g., Terraform)
  • Configuration Management (e.g., Ansible, Chef)
  • GitOps workflows (e.g., ArgoCD)
  • Embed security guardrails and best practices across the SDLC
  • Automate compliance checks (e.g., OWASP Top 10, CIS Benchmarks) into development workflows
  • Integrate with observability and monitoring systems (e.g., Prometheus, Grafana, ELK, Coralogix)
• Collaborate cross-functionally with Product, QA, Development, and IT/Ops teams to continuously improve the security posture
• Participate in on-call rotations for production systems as needed

Who you are:

• At least 3 years’ experience as DevOps/DevSecOps/Security Engineer
• A minimum of 3 years of exposure running production workloads (AWS, Azure or GCP)
• Experience with CI/CD tools and source control management tools (e.g., Git, Azure DevOps, SonarQube, Artifactory etc...)
• Proven experience securing CI/CD pipelines
• Expertise in SCA, SAST, secret scanning, and container security
• Hands-on experience with Kubernetes, Docker, and GitOps tooling (ArgoCD or Flux)
• Proven Scripting capabilities: (e.g. PowerShell/Bash/Python)
• Experience with logging, SIEM, and monitoring platforms
• Experience with IAM, secrets management, and compliance frameworks (SOC2, ISO, etc.)
• High level Linux OS expertise
• Strong troubleshooting skills
• Proactive by nature; internal drive for excellence and improvement
• BS degree in computer science, computer engineering, relevant technical discipline or equivalent practical experienc

Advantage:

• Experience with relational and non-relational databases (Oracle, PostgreSQL, SQL, MongoDB) Experience with software development and development frameworks
• Experience with event streaming and messaging platforms such as Kafka, RabbitMQ
• Knowledge and understanding Storage and Networking

#LI-AG2

We offer the industry’s only platform that fuses customer identity and anti-fraud solutions – customer identity management, identity verification, and fraud prevention. 

We sell to industries with large, consumer-facing businesses such as: banking, financial services, insurance, fintech, gaming, ecommerce/retail, telco / media, utilities, etc.

About the Role:

We are seeking an experienced Security Engineer to join our team and take ownership of our enterprise security infrastructure. In this role, you will be responsible for managing, monitoring, and optimizing our security stack to protect the organization against evolving cyber threats. You will play a critical role in ensuring the security and integrity of our network, endpoints, cloud services, and email communications.

What you’ll do:

• Manage and maintain FortiGate firewalls, including policy configuration, VPN setup, traffic monitoring, and firmware updates to ensure robust network perimeter security, Hands-on experience with next-generation firewalls, preferably FortiGate
• Administer Cisco Meraki cloud-managed networking infrastructure, including security appliances, access points, and network segmentation policies
• Oversee Netskope CASB and SASE solutions to enforce cloud security policies, manage data loss prevention (DLP), and ensure secure access to cloud applications
• Monitor and respond to security incidents using CrowdStrike EDR, including threat hunting, investigation, containment, and remediation of endpoint threats
• Manage Abnormal Security platform to detect and respond to advanced email threats, including business email compromise (BEC), phishing, and account takeover attacks
• Administer Kandji MDM solution for Apple device management, ensuring endpoint compliance, software deployment, and security policy enforcement across the Mac and iOS fleet
• Secure and manage Google Workspace environment, including user access controls, security configurations, and audit log monitoring
• Develop and maintain security documentation, playbooks, and incident response procedures
• Collaborate with IT and DevOps / R&D  teams to implement security best practices across the organization
• Conduct regular security assessments, vulnerability scans, and risk analyses
• Stay current with emerging threats and security trends to continuously improve the organization's security posture
• Experience managing cloud-based networking solutions such as Cisco Meraki

What you’ll need:

The ideal candidate should possess a strong foundation in security principles and practical experience with the tools listed below.

• 3+ years of experience in a security engineering or similar role
• Knowledge of network protocols, VPNs, and firewall rule management
• Experience with incident response and threat investigation
• Strong analytical and problem-solving skills
• Excellent communication skills and ability to work cross-functionally
• Familiarity with MDM solutions for Apple devices, preferably Kandji
• Experience with email security solutions and threat detection
• Strong knowledge of CASB/SASE solutions, preferably Netskope
• Proficiency with EDR platforms, preferably CrowdStrike Falcon

#LI-AM1 #LI-Hybrid 

#LI-TL1 #LI-Hybrid 

About Gong

At Gong, we’re transforming customer-facing teams with our AI-powered platform that understands conversations, guides sales professionals, and drives better business outcomes. Security and trust are foundational to everything we build.

As a Senior Product Security Engineer, you will help shape how security is built, not just how it is tested or reviewed. You’ll work closely with engineering teams to secure real systems in production, influencing how services, APIs, and data flows are implemented from the ground up.

This is a hands-on role, focused on solving real security problems across cloud-native architectures and AI-driven features. You’ll work directly with developers and DevOps, dive into systems when needed, and apply strong technical judgment to ensure security is built into the product, not added later.

What Makes This Role Unique at Gong

• A product where data sensitivity is real, not theoretical
  Gong processes and analyzes customer conversations at scale, creating unique challenges around data protection, privacy, and access control.
• AI is deeply embedded in the product
  Security challenges extend beyond traditional AppSec into data handling, model behavior, and misuse scenarios.
• Security is part of how we build, not a layer on top
  The role operates within engineering workflows, focusing on building secure systems rather than enforcing external controls.
• Meaningful scale and real production impact
  You’ll work on systems that handle large volumes of data and traffic, where security decisions directly affect reliability and trust.
• A culture that values practical, engineering-driven security
  The focus is on solving real problems and enabling teams, not on process-heavy or compliance-driven approaches.
• High ownership with room to grow
  You’ll have the autonomy to take initiative, drive improvements, and expand your impact as the platform evolves.

What You’ll Do

• Secure real product flows end-to-end - Work directly with engineers to identify and fix vulnerabilities across services, APIs, and data paths in production systems
• Drive secure-by-design practices in engineering - provide practical guidance on authentication, authorization, data protection, and service-to-service communication
• Secure cloud-native environments - strengthen identity (IAM), isolation, and access control across Kubernetes, containers, and cloud infrastructure
• Build and scale security in the development lifecycle - integrate and tune security tooling (SAST, SCA, IaC scanning, secrets detection) into CI/CD pipelines to improve signal and developer adoption
• Own vulnerability management as a system - prioritize risks, drive remediation with engineering teams, and eliminate recurring issues through root-cause fixes
• Strengthen software supply chain security - reduce risk across dependencies, third-party components, and build/release pipelines
• Secure AI/ML-driven features - partner with data and AI teams to mitigate risks such as data exposure, misuse, and model-related vulnerabilities
• Raise the security bar across engineering - mentor developers and help teams take ownership of security in their code and services
• Enable fast, informed decisions - clearly communicate risks and trade-offs to support product and engineering velocity

What You Bring

• 5+ years of experience in Product Security, Application Security, or a similar hands-on security engineering role
• Proven experience working closely with engineering teams on real systems in production, not just assessments
• Strong understanding of secure design and threat modeling, with the ability to influence architecture decisions
• Deep knowledge of application security principles (OWASP Top 10 and beyond), including modern attack vectors
• Hands-on experience securing web applications, APIs, and distributed systems
• Strong experience with cloud environments (AWS, GCP, and/or Azure), including identity and access management (IAM)
• Familiarity with Kubernetes, containers, and cloud-native architectures
• Experience integrating security into CI/CD pipelines and improving developer workflows
• Practical experience with security tooling (SAST, SCA, IaC scanning, secrets detection), including tuning and operationalizing
• Experience working with modern development stacks (e.g., Java, Python, JavaScript/TypeScript, React or similar)
• Strong problem-solving skills and the ability to analyze complex systems and prioritize meaningful risks
• Ability to influence developers through technical credibility and practical guidance
• Experience mentoring engineers and improving security practices across teams

Additional strengths:

• Experience securing AI/ML or LLM-based systems
• Background in offensive security/penetration testing

Making Security Real

As a Senior Information Security Engineer, you’ll be on the front lines of protecting the systems, users, and data at scale. This role is about turning strategy, architecture, and intent into enforced controls, effective detections, and resilient operations. You’ll work hands-on with the tools, signals, and incidents that define our real security posture.

If you believe security should be practical, measurable, and embedded into daily operations—and not just documented—we want you on the team.

What the Role Looks Like in Practice

You will be the technical anchor of our internal security posture:

• Architectural Ownership: Deploy, manage, and tune enterprise-grade security stacks (EDR, DLP, IAM, CASB, MDM) with a focus on deep integration and automation.
• The AI Frontier: Lead the charge on AI Security. You will implement and secure AI-driven workflows, ensuring LLM use is governed and protected against emerging threats such as data leakage and prompt injection.
• Proactive Defense: Build and maintain high-fidelity detections and guardrails that align with real-world attack techniques.
• Cross-Functional Synergy: Partner as a peer with Engineering, IT, and DevOps to ensure security controls are frictionless, automated, and effective.

What You’ll Bring

Technical Must-Haves:

• 7+ Years of Senior Experience: Extensive hands-on experience in InfoSec Engineering or SecOps within high-growth, cloud-native environments.
• AI Security Mastery (Required): You are ahead of the curve. You have practical experience securing AI adoption and leveraging AI-driven platforms to scale defensive capabilities.
• Deep Technical Stack: Expert-level knowledge of endpoint security (macOS/Linux), SaaS ecosystems, and Identity (Okta/OIDC).
• The Developer Mindset: Advanced scripting skills (Python is a must) to automate away manual toil and build custom security integrations.

Professional & Interpersonal Excellence:

• Strategic Communication: The ability to articulate complex technical risks as actionable business intelligence for diverse stakeholders, ensuring alignment between security objectives and business goals.
• Collaborative Influence: A track record of fostering strong partnerships with R&D and DevOps. You are a facilitator of "Secure-by-Design" principles, focused on engineering solutions rather than creating administrative bottlenecks.
• Crisis Management & Decisiveness: The capacity to maintain operational composure during high-stakes incidents, applying rigorous prioritization and risk-based analysis to drive remediation.
• Pragmatic Professionalism: A disciplined approach to balancing theoretical security ideals with the functional requirements of a high-velocity, global financial infrastructure.

Transmit Security gives businesses the modern tools they need to build secure, trusted and end-to-end digital identity journeys to innovate and grow. 

CX-focused, cybersecurity conscious leaders rely on Transmit Security’s xCIAM platform to provide their customers with smooth experiences protected from fraud across all channels and devices. 

Transmit Security serves many of the world’s largest banks, insurers, retailers, and other leading brands, collectively responsible for more than $1.3 trillion in annual commerce. 

About the Role:

As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients’ high bar.

You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.

What you’ll do:

• Implement an application security program
• Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
• Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
• Implement an infrastructure security program
• Integrate and implement CSPM controls within a high scale cloud environment.
• Own strategy for security in IAM, secret management and similar security-critical components
• Own security training and review for DevOps teams.
• Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
• Own compliance processes within DevOps
• Build and continuously improve SOC2 compliance processes and audit readiness tooling
• Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​

What you’ll need:

1. At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)
2. Experience managing SoC2 or ISO 27001 certifications.
3. Strong software development capabilities and application security knowledge.
4. Strong expertise in AWS, Google Cloud, and Azure security best practices.​
5. Hands-on work with CI/CD, IAC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)
6. Hands-on work with CSPM,  SCA, SAST, secret scanning and similar tools (ORCA, Veracode, …)
7. Hands-on work with building automations and integrations around security tools.
8. Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24x7 cloud security operations in regulated environments.​