SecOps & Incident Response Engineer

Skeletons, lasers, monster trucks — the Torq brand grabs attention like nothing else in cybersecurity. And we’re growing like crazy, with $70M in Series C funding, 200% employee growth, and 300% revenue growth in 2024. Fueling Torq’s growth are our game changing agentic AI security solutions, backed by a team and culture that makes Torq one of Forbes’ Best Startup Employers in America, and a Business Insider ‘startup to bet your career on’.

Life at Torq is all gas, no brakes. We’re a team of relentless, collaborative go-getters pushing the boundaries of what’s possible for security automation. Every role is an essential driver of Torq’s success as the AI-native autonomous SecOps platform of choice for security teams across the Fortune 500. Excited about our vision and ready to make an impact as we grow? We’d love to see what you can bring to the team.

We are looking for a Security Operations & Incident Response Engineer to join our fast-growing company at a breakthrough stage, where we are building our dream team with the most passionate and professional people in the industry.

Our security team blends cyber expertise with cutting-edge automation and AI. We’re looking for someone who thrives in a fast-paced SaaS environment and is eager to make an impact.

Key Responsibilities

Security Engineering & Incident Response

• Collaborate with the CISO and peers to shape and execute the company’s security strategy.
• Develop, maintain, and continuously improve security playbooks, processes, and response frameworks.
• Manage the full lifecycle of security alerts — from triage and investigation to response and escalation — using Torq’s Case Management platform.
• Perform access and configuration reviews across cloud, SaaS, and endpoint environments, and lead remediation efforts where needed.
  
  

• Develop and fine-tune detection rules in Splunk (or similar SIEM platforms) to increase detection quality and reduce false positives.
• Utilizing Torq to build and manage automated workflows to accelerate incident response and reduce MTTR.
• Evaluate new security technologies and lead proof-of-concepts to improve existing controls.
  
  

• Partner with IT and Engineering to strengthen SaaS security practices.
• Act as a trusted advisor across teams, promoting security awareness and best practices.
• Communicate clearly in both Hebrew and English, providing documentation and updates to relevant stakeholders.
  
  

• Experience working in remote-first and SaaS-based organizations is a must.
• Experience working with cloud platforms (AWS, GCP, Azure) and SaaS security tooling is a plus.
• 4+ years of experience in Cybersecurity, specifically in Incident Response and SOC environments.
• Hands-on experience working with 24/7 security operations teams.
• Experience working with automation platforms (SOAR, Hyperautomation) and/or scripting in Python/Bash.
• Deep understanding and hands-on experience with SIEM platforms (preferably Splunk), including rule creation and tuning.
• Strong grasp of cloud adversary techniques, attack vectors, and frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Strong communication skills and ability to work independently in a fast-paced startup environment.