Still looking for a job through search engines? It's time to upgrade!
Instead of going through thousands of listings on your own, Jobify analyzes your résumé and shows you only the jobs that truly fit you.
Over 80,000 jobs • 4,000 new every day
Free. No ads. No fine print.
Tel Aviv-Yafo, Tel Aviv District, Israel
Established in 2022, Guardz rapidly emerged as a noteworthy player in the cybersecurity sphere, securing $30M in funding and rallying a dedicated team of 70 industry professionals. Our vision is to foster a safer digital landscape for small and medium businesses across the globe. To this end, we introduced our comprehensive all-in-one Secure & Insure platform in early 2023, and continue to grow and expand our team, our partnerships and our revenue.
We're seeking an experienced security researcher who crunches logs and rules for breakfast; someone who is fanatical about not letting a single attack get through, and who is also excited about building the right infrastructure to support that.
Responsibilities:
Own the strategy and development of security detection processes and frameworks, setting the direction for innovation and ensuring alignment with broader security goals.
Serve as the primary subject matter expert for detection and orchestration of security instrumentation, delivering continuous improvement in the protection rate of our customers.
Analyze data from tens of thousands of endpoints, extract insights on offensive trends, and improve the accuracy of detection.
Contribute detection features to the company's technology stack (endpoint agent, browser extension, scanning tools and more).
Design, specify and occasionally implement new infrastructure to enable better detection, from backend log processing to threat intelligence feeds.
Provide technical triage and initial case investigation when severe attacks are detected; communicate findings and actions to customers and customer success teams.
Monitor emerging threats and provide solutions and recommendations for proactive steps.
Requirements:
Proven experience in developing and implementing security strategies, including expertise in coverage techniques and familiarity with the MITRE ATT&CK framework for identifying and mitigating security threats.
Demonstrated experience and proficiency in analyzing logs and signals from EDR/XDR, IAM, DLP, email security and similar sources.
Understanding of identity functionality in both Google Workspace and M365.
Understanding of internal system functionality across Windows, Mac and Linux.
Proficiency in curating, creating, testing, maintaining and fine-tuning detection rules (YARA, Sigma, Snort) using osquery, Splunk, ELK or other platforms, and fluent use of regular expressions (RegEx).
Experience in threat investigation using VirusTotal, sandboxes, threat intelligence platforms and feeds, and log analysis.
Proven experience with orchestration and automation of detection instruments.
Proficiency with Python and the self-sufficiency to write basic tools and automations independently.
Experience with EDR capabilities, policies and configurations; strong familiarity with Defender or SentinelOne is an advantage.
Experience working with IR and SOC teams is an advantage.
Experience with AI and LLMs is an advantage.
Experience with security writing and public speaking is an advantage.