Detection Engineer

We’re looking for an exceptional Detection Engineer to join our growing R&D team at Mitiga.

Why Mitiga?

Mitiga is the industry's only complete solution for cloud threat detection, investigation, and response — built by investigators, for investigators. Mitiga supercharges today’s SOC teams with the cloud capabilities that enterprises have been missing, delivering broad visibility across clouds and SaaS, automation that speeds investigations, and rich context that informs cloud threat detection, hunting, and response. Together, Mitiga's capabilities minimize breach impact and enhance enterprises' cyber resilience. As an Innovation Sandbox Finalist at RSA 2024 and a new SYN Ventures portfolio company (Series B, January 2025), Mitiga is an innovator and pioneer in Cloud Security.

Mitiga is looking for a Detection Engineer to build high-fidelity Indicators of Attack (IOAs) that protect cloud environments at scale. In this role, you'll develop detection logic in PySpark that identifies sophisticated threats across cloud service providers, identity platforms, and SaaS applications. You'll work directly with native logs and telemetry from platforms like AWS, Azure, GCP, Okta, and M365 to catch attacks that traditional security tools miss. Your detections will be deployed across our customer base, directly impacting how organizations detect and respond to cloud-native threats.

What you'll do:

• Develop and maintain IOAs in PySpark for cloud, SaaS, and IdP environments (AWS, Azure, GCP, Okta, M365, etc.)
• Analyze attack techniques and threat intelligence to translate them into detections
• Test, validate, and tune detection logic to reduce false positives while maintaining coverage
• Stay current on cloud and SaaS attack patterns to identify detection gaps
• Collaborate with the team to improve detection frameworks, workflows, and engineering standards
  
  

• 3+ years building detections in a security context (SOC, threat detection, IR, or similar)
• 2+ years of proven strong Python skills and working knowledge of PySpark (Open Source contribution, active GitHub\Gitlab accounts, etc.)
• Familiarity with common detection languages (KQL, SPL, Sigma, YARA, or similar)
• Understanding of cloud architecture and how attackers move through cloud environments
• Comfortable reading and interpreting logs from cloud providers, SaaS apps, and identity platforms
• Clear communicator who can explain technical detection logic to different audiences
• Self-driven and comfortable working independently in a remote setup
  
  

• Location: Tel Aviv, IL
• Hybrid work environment
• Competitive compensation package with stock options, educational fund, cibus.
• Top of the line equipment