We are seeking a skilled and proactive Threat Detection Engineer with strong analytical abilities to join our security team. In this role, you will be responsible for monitoring and responding to security incidents, conducting in-depth analysis of security data, and developing advanced detection methods to protect the organization from sophisticated cyber threats. As part of the team, you will play a crucial role in enhancing our defense mechanisms and addressing diverse information security challenges.
Responsibilities:
- Monitor, identify, and respond to potential security incidents.
- Conduct thorough analysis of security events and investigate them to the root cause.
- Process and analyze large-scale security data (logs, events) to identify anomalies and suspicious patterns.
- Develop and implement detection rules and alerts in SIEM and XDR systems.
- Analyze threat trends and cyber intelligence to improve detection and response capabilities.
- Identify and understand security risks in SaaS environments, including Shadow IT, OAuth risks, IDP misconfigurations, and excessive permissions.
- Utilize SQL queries (e.g., ClickHouse) to extract relevant information from security events and correlate threat indicators.
- Implement and understand SOC detection methodologies, including addressing identity-based attacks and insider threats.
- Collaborate with other technical teams to enhance the overall security posture.
- Document incident analysis processes and improvements to detection systems.
Requirements:
- 3+ years of experience in cybersecurity, preferably in SOC, SIEM, Threat Intelligence, or Cloud Security.
- Hands-on experience in identifying and addressing SaaS security challenges (Shadow IT, OAuth risks, IDP misconfigurations, excessive permissions).
- Hands-on experience with security data analysis, including large-scale log processing, anomaly detection, and behavioral analytics.
- Proficiency in SQL (e.g., ClickHouse) for querying and analyzing security data.
- Strong understanding of identity-based attacks, insider threats, and SOC detection methodologies.
- Familiarity with SIEM and XDR solutions (e.g., Splunk, Sentinel, Chronicle) and understanding their role in modern detection engineering.
- Excellent problem-solving and analytical skills for triaging security incidents and optimizing detection rules.
- Ability to work independently and as part of a team.
- Good communication skills.
Advantage:
- Relevant cybersecurity certifications (e.g., Security+, CySA+, CEH, CISSP).
- Experience with scripting languages (e.g., Python).
- Familiarity with automation and SOAR tools.