Big Ideas. Real People.

At Orca, in the right environment and with the right team, talent has no boundaries. This team spirit, together with our drive to always aim high, has quickly earned us unicorn status and turned us into a global cloud security innovation leader. So, if you’re ready to join an amazing team of people who inspire each other every day, now is the time to find your place in our pod.

Highlights

• High growth: In just seven years, we’ve reached milestones that take other companies a decade or more. We’ve doubled our employee count, tripled our customer count, and rapidly expanded our product capabilities.

• Disruptive innovation: Our founders saw that traditional security didn’t work for the cloud so they set out to carve a new path. We’re relentless pioneers who invented agentless technology and continue to be the most comprehensive and innovative cloud security company.

• Well-capitalized: With a valuation of $1.8 billion, Orca is a cybersecurity unicorn dominating the cloud security space. We’re backed by an impressive team of investors such as Capital G, ICONIQ, GGV, and SVCI, a syndicate of CISOs who invest their own money after conducting their due diligence.

• Respectful and transparent culture: Our executives pride themselves on being accessible to everyone and believe in sharing knowledge with the employees. Each employee has a place in shaping the future of our industry.

About the role

We’re looking for a Product Manager to lead Orca’s Attack Surface Management (ASM) product offerings - covering asset exposure, attack path analysis, and a dedicated API Security portfolio (API discovery, posture, and risk prevention/detection).
This is a high-impact role spanning cloud security, network exposure, identity and access, and application/API security. You’ll define the strategy for how Orca discovers internet-exposed and cloud-connected assets, prioritizes critical exposures, and maps attack paths to crown-jewel assets - so teams can focus on what’s actually exploitable and cut noise.
You’ll collaborate with engineering, design, research/analyst teams, sales engineering, and customer success to turn complex, noisy security signals into simple, actionable, and measurable outcomes for enterprise security teams.

The role is based in Israel, working closely with a remote engineering team in the UK and reporting to an Israeli manager based in the US. It requires a high level of independence, ownership, and initiative.

On a typical day you’ll

Product Strategy & Execution

• Own the vision, strategy, and roadmap for Orca’s ASM, Exposure Management, and Attack Paths products - including continuous discovery and inventory across external and cloud attack surface

• Drive attack path analysis that connects exposure → lateral movement → crown-jewel impact, with “break-the-path” remediation guidance

• Own the API Security strategy

• API discovery and inventory/ownership, auth posture (authn/authz), sensitive exposure signals, and risk prevention/detection

• Establish and track success metrics: coverage, precision, adoption, time-to-triage/remediate, and measurable risk reduction

• Identify and prioritize key initiatives across detection accuracy, automation, integrations, and enterprise readiness

Collaboration & Delivery

• Lead cross-functional execution with engineering (UK), security research and analyst, sales engineering, customer success, design, and marketing teams - to deliver best-in-class features on time.

• Translate technical and regulatory requirements into clear product specifications.

• Collaborate on go-to-market strategies, enablement materials, and field feedback loops to drive awareness and adoption of Attack Surface Management offerings.

Customer & Market Engagement

• Engage with CISOs, security architects, and exposure management owners to understand their biggest ASM challenges around exposure, attack paths and API Security.

• Stay ahead of trends in ASM, Exposure Management, CAASM/EASM, attack graph technologies, API security, and CNAPP ecosystems.

• Represent Orca as a thought leader in Exposure Management and Attack Path prioritization, working with customers, partners, and industry analysts.

About you

• 3+ years of relevant cybersecurity background, including security research, threat intelligence, offensive security or closely related roles

• 2+ years of product management experience in B2B SaaS (preferably cybersecurity) building products for enterprise customers

• Strong cloud security knowledge in at least one major cloud platform (AWS, Azure, or GCP), including networking, IAM, compute, and Kubernetes/serverless concepts

• Technical depth to partner with engineering and customer-facing teams and translate complex problems into clear requirements

• Ability to think with an attacker mindset and prioritize exposure and risk; offensive security experience is a strong advantage

• Experience working with large-scale security data, signal quality, false positives, and prioritization tradeoffs is a strong advantage

• Strong communication skills and comfort working cross-functionally across distributed teams

• Highly independent, proactive, and execution driven

• Fluent English (written and spoken)