Security Response Engineer

At Thales, we know technology has the ability to make our world more secure, sustainable, and inclusive – and that it’s all driven by human intelligence.

Because it takes human intelligence to build and power the systems and solutions that people depend on every day. So we stay curious and make space for diverse points of view. We share what we know and we challenge what’s possible.

We’re driving progress in some of the world’s most important industries - from the bottom of the oceans to the depths of space and cyberspace - and from manufacturing to engineering, we work together to build a future we can all trust.

Imperva, a Thales company, is a globally recognized cybersecurity leader, dedicated to securing data and applications across diverse environments. Our cutting-edge solutions empower organizations to safeguard their most critical assets, ensuring robust protection against emerging threats.

We’re proud to be recognized as one of Israel’s Top 50 High-Tech Companies to Work For in 2024 (Dun & Bradstreet) and offer a flexible hybrid work model from our Rehovot office.

We’re looking for a Security Response Engineer with strong expertise in Web Application security to join our Advanced Security Response Team (ASRT).

The Advanced Security Response Team is dedicated to the first response for security incidents, focusing primarily on the operational aspects of web application security. This includes analyzing threats, suggesting immediate remediation and mitigation methods, and actively working to block attacks in real time.

The scope of activities spans network layers 3, 4, and 7, covering a broad spectrum of threats. This includes defending against DoS & DDoS attacks, brute-force attempts, scraping, filtering unwanted traffic, as well as initial analysis and mitigation of application attack vectors such as XSS, SQL injection (SQLi), and remote code execution.

Another important responsibility of the ASRT is managing false positives. The team will investigate root causes of these misfires, propose optimal solutions to prevent recurrence, and apply necessary changes.

The ASRT works closely with the first-tier support team, serving as the focal point for security-related events and incidents. Additionally, the team maintains a two-way communication channel with the Imperva Threat Research team to share findings, exchange consultation, and stay updated on current security policies.

As a member of the ASR team, the specialist is expected to have a strong working knowledge of web application security and the current threat landscape, combined with in-depth familiarity with Imperva's security policies and processes. Proficiency with relevant tools and methodologies is required, and continuous learning in security-related topics is encouraged.

This is a full-time position that requires weekend availability and participation in a rotating weekend shift due to the real-time nature of security response.

Key Responsibility:

• Investigate and respond to active web and network-based security incidents in real time.
• Apply and validate mitigations for attacks such as SQLi, XSS, and DDoS.
• Troubleshoot false positives and fine-tune security policies.
• Collaborate with internal teams to share findings and continuously improve detection and response.
• Clearly explain security events and impacts to both technical and non-technical audiences.
• Stay up to date on emerging web attack techniques and response methods.
• Participate in a rotating weekend/on-call schedule to ensure 24/7 protection for our customers.
  
  

• At least 1 year of experience in security, networking, or a related technical field, or equivalent hands-on exposure through personal projects, labs, or internships.
• Solid understanding of web application fundamentals and common vulnerabilities (OWASP Top 10 such as SQLi, XSS, RCE, LFI, RFI).
• Working knowledge of TCP/IP, HTTP/S, DNS, and SSL/TLS.
• Comfortable using tools like Burp Suite, Postman, Wireshark, or similar.
• Strong communication and analytical skills, with the ability to stay clear and focused under pressure.
• Fluent English (spoken and written).
  
  

• Familiarity with Python or Bash scripting.
• Curiosity to explore AppSec tools and techniques, and motivation to deepen your security expertise.
• A proactive approach to learning and adapting to evolving cyber threats.