עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
IR Team Lead (Tier 3)
Hybrid | Central Israel
We're looking for an experienced Incident Response (IR) Team Lead to join a leading enterprise organization in Central Israel in a hybrid work model.
Please note: This is not a SOC Manager position. This role focuses on leading a Tier 3 Incident Response team responsible for cyber investigations, threat hunting, detection engineering, and response capabilities.
Responsibilities
- Lead and mentor the Tier 3 Incident Response team, including planning, prioritization, and execution.
- Build and enhance detection capabilities by developing and maintaining EDR detection rules and other security controls.
- Lead complex cyber investigations, including Incident Response, Digital Forensics, and Threat Hunting.
- Manage the organization's external SOC provider, including SLA, KPI, investigation quality, and service oversight.
- Drive continuous improvement of detection playbooks and response processes.
- Evaluate security technologies and lead POCs for new cyber defense capabilities.
- Ensure log readiness and visibility to support effective incident investigations.
- Monitor Threat Intelligence and translate MITRE ATT&CK TTPs into practical detection rules and security controls.
- Lead Purple Team exercises and Breach & Attack Simulation activities to validate and improve detection coverage.
- Work closely with Infrastructure, IT, Cloud, Cyber Intelligence, BCP, and executive stakeholders.
Requirements
- 3+ years of hands-on Tier 3 Incident Response experience.
- Proven experience leading a technical cybersecurity team.
- Strong experience developing and tuning EDR detection rules.
- Experience working with or managing an external SOC provider.
- Hands-on experience with SIEM platforms (Microsoft Sentinel, Splunk) and KQL/SPL.
- Strong understanding of Windows, Linux, Active Directory, Entra ID, networking, and enterprise IT infrastructure.
- Deep understanding of AI-related cyber threats and defensive approaches.
- Familiarity with Autonomous SOC concepts.
Advantage
- Experience with MITRE ATT&CK and translating TTPs into detection logic.
- Red Team / Purple Team / Penetration Testing experience.
- Experience with Breach & Attack Simulation platforms.
- Relevant certifications such as GCIH, GCFA, GCIA, OSCP, CRTO, or equivalent.
- Strong English communication skills.
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
ירושלים
ערב