We are looking for a backend engineer who can design, build, and operate highly reliable Node.js services on AWS that enable generative‑AI capabilities across our products and internal workflows.

You will create scalable APIs, data pipelines, and serverless architectures that integrate large‑language‑model (LLM) services such as Amazon Bedrock, OpenAI, and open‑source models, enabling teams to safely and efficiently leverage generative AI.

Who You Are

You have experience building Retrieval‑Augmented Generation (RAG) systems or knowledge‑base chatbots.

You're Hands‑on with vector databases such as Pinecone, Chroma, or pgvector on Postgres/Aurora.

Have AWS certification (Developer, Solutions Architect, or Machine Learning Specialty).

Experience with observability tooling (Datadog, New Relic) and cost‑optimization strategies for AI workloads.

Background in microservices, domain‑driven design, or event‑sourcing patterns.

דרישות המשרה

What You Bring to the Table 

Available working some US hours

Proficient in Hebrew and English both written and verbal, sufficient for achieving consensus and success in a remote and largely asynchronous work environment – Must

4+ years professional experience building production services with Node.js/TypeScript.

3+ years hands‑on with AWS, including Lambda, API Gateway, DynamoDB, and at least one container service (ECS, EKS, or Fargate).

Experience integrating third‑party or cloud‑native LLM services (e.g., Amazon Bedrock, OpenAI API) into production systems.

Strong understanding of RESTful design, GraphQL fundamentals, and event‑driven architectures (SNS/SQS, EventBridge).

Proficiency with infrastructure‑as‑code (AWS CDK, Terraform, or CloudFormation) and CI/CD pipelines.

Familiarity with secure coding, authentication/authorization patterns (Cognito, OAuth), and data privacy best practices for AI workloads.

We're building the financial infrastructure that powers global innovation. With our cutting-edge suite of embedded payments, cards, and lending solutions, we enable millions of businesses and consumers to transact seamlessly and securely. 

The Role

As AI capabilities accelerate across the bank, we need an engineer to design and enforce safe AI usage—protecting customer data, preserving model integrity, and meeting our regulatory obligations. You'll be the architect of guardrails, tooling, and policies that make AI both secure and useful for product and internal teams. This isn't about slowing things down; it's about building the trust layer that lets innovation move fast without breaking things.

Who You Are

You're a security engineer who's excited about the AI wave—someone who sees GenAI and LLMs as fascinating puzzles to secure, not just threats to mitigate. You've spent 5+ years in Security Engineering, AppSec, or Cloud Security, and at least 1–2 of those years have been spent getting your hands dirty with AI/ML or data-intensive systems.

You're equally comfortable dissecting a prompt injection attack as you are writing a Terraform module or shipping a Python library. You know your way around AWS and/or Azure, modern app stacks (Python/TypeScript, REST/gRPC, containers/Kubernetes), and can translate security requirements into developer-friendly tooling—not just PDF policies that gather dust.

You communicate clearly in English and Hebrew, thrive in regulated environments, and understand that security in financial services means mapping controls to frameworks like FFIEC, SOC 2, and PCI DSS—and actually having the evidence to prove it.

דרישות המשרה

What You Bring to the Table 

5+ years in Security Engineering/AppSec/Cloud Security (or similar), including 1–2+ years securing AI/ML or data‑intensive systems (GenAI preferred).

Hands‑on experience with AWS and/or Azure and modern app stacks (Python/TypeScript, REST/gRPC, containers/Kubernetes, IaC such as Terraform).

Practical understanding of LLM attack surfaces (prompt injection, data leakage via tools, training/fine‑tune poisoning, model supply chain) and mitigation patterns.

Familiarity with identity and access for AI workloads (OAuth2/OIDC, service principals, role tokens, PIM), and secure secret management/KMS.

Experience implementing observability/telemetry and routing findings to SIEM; comfort balancing privacy with traceability.

Ability to translate controls into developer-friendly libraries, docs, and CI/CD checks; strong written communication in English and Hebrew.

Comfort working in a regulated environment and mapping controls to frameworks (FFIEC, SOC 2, PCI DSS).

Flexible hybrid work model: three days a week at our Jerusalem office