HiTakeJob

Security & GRC Analyst (Agentic Search) - Nebius

  • Company: Nebius
  • Location: Israel
  • Technologies: IAM, GDPR, SOC 2, AWS Inspector, GuardDuty, GitHub Advanced Security, Okta, Auth0, CrowdStrike, SentinelOne, Python

Job description

  • Support customer security questionnaires, RFP security sections, trust portal requests, and customer security reviews, helping Security move at the speed of commercial deals.
  • Review security-related customer agreement requirements together with Legal and Sales, ensuring responses are accurate, practical, and aligned with Tavily’s actual controls.
  • Perform third-party and vendor risk reviews, including SOC 2 / ISO 27001 evidence, DPAs, subprocessors, data flows, and residual risk recommendations.
  • Support Tavily’s GRC program, including audit evidence, control tracking, risk register updates, access reviews, policy maintenance, and readiness for frameworks such as SOC 2, ISO 27001, GDPR, and NIST.
  • Implement and operationalize security tools and workflows across cloud, SaaS, identity, endpoint, vulnerability management, monitoring, and alerting.
  • Partner with Engineering, DevOps, IT, Legal, GTM, and Customer Success to turn security requirements into practical processes that work in a fast-growing company.

  • 3+ years of experience in information security, security engineering, GRC, security operations, security consulting, vCISO work, or a similar hybrid security role.
  • Hands-on experience with customer security questionnaires, RFPs, trust portals, customer security reviews, audit evidence, or enterprise security assessments.
  • Experience implementing or operating security tools such as Wiz, Snyk, Orca, AWS Inspector, GuardDuty, GitHub Advanced Security, Dependabot, Semgrep, Trivy, CrowdStrike, SentinelOne, Okta, Auth0, Google Workspace security controls, SIEM/logging tools, or similar.
  • Understand cloud and SaaS security basics, including IAM, SSO/MFA, access reviews, logging, endpoint security, vulnerability management, and security monitoring.
  • Are comfortable working in a small security team where you need to be independent, practical, hands-on, and able to switch between customer, compliance, vendor, and technical work.

  • Have supported audits or assessments against frameworks such as SOC 2, ISO 27001 / ISO 27002, GDPR, NIST CSF, CIS Controls, or similar security/privacy standards.
  • Experience in a startup, scale-up, B2B SaaS company, security company, GRC consulting firm, or audit/security advisory environment.
  • Experience with AI security, LLM security, prompt injection, data leakage, privacy/security controls for AI products, or AI governance.
  • Experience improving security workflows end-to-end, such as vulnerability management, SaaS monitoring, access reviews, endpoint security, security alerting, or cloud security posture management.

Benefits & Perks:

  • Competitive compensation
  • Career growth and learning opportunities
  • Flexibility and ownership
  • Collaborative and innovative culture
  • Opportunity to work on impactful AI projects
  • International environment and talented teams

What's it like to work at Nebius: Fast moving - Bold thinking - Constant growth - Meaningful impact - Trust and real ownership - Opportunity to shape the future of AI

Equal Opportunity Statement: Nebius is an equal opportunity employer. We are committed to fostering an inclusive and diverse workplace and to providing equal employment opportunities in all aspects of employment. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, ancestry, age, disability, genetic information, marital status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable law. Applicants must be authorized to work in the country in which they apply and will be required to provide proof of employment eligibility as a condition of hire. If you need accommodations during the application process, please let us know.
