עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
We are looking for a highly analytical and action-oriented SecOps Analyst to join our SecOps Team. As we expand into a 24/7 operational model, you will be on the front lines of defending our corporate infrastructure, large-scale cloud environments, and core product network against advanced threats.
Our team operates a flat, highly automated structure. We leverage a modern Automation platform to handle the noise, meaning your time will be spent conducting deep-dive investigations, proactive threat hunting, and working directly with our Detection Engineering team to continuously improve our automated defenses.
Responsibilities:
- Alert Triage & Deep Investigation: Serve as the primary investigator for high-fidelity security alerts escalated by our SOAR platform across our SIEM and application logging hubs.
- Incident Response: Lead end-to-end investigations of suspected security incidents (e.g., compromised identities, malware, phishing, cloud anomalies, and API abuse), executing containment and remediation runbooks.
- Proactive Threat Hunting: Design and execute threat hunting campaigns across our EDR, Identity, and AWS cloud logs to uncover sophisticated threats that bypass automated detections.
- Application Security Monitoring: Monitor custom, proprietary application logs and web access traffic to detect and mitigate insider threats, tenant abuse, and unauthorized data scraping.
- Phishing & User Defense: Manage the abuse mailbox, analyze suspicious emails, extract malicious payloads/URLs, and execute rapid takedowns.
- Detection Tuning Loop: Partner directly with the Detection & Automation Engineer to identify False Positives, refine SIEM queries, and suggest logic improvements for automation playbooks.
- On-Call Rotation: Participate in the rotating on-call schedule to provide escalation support for our NOC during critical off-hours incidents.
- 2+ years of hands-on experience in a Security Operations Center (SOC), Incident Response, or Cyber Threat Intelligence role.
- Strong experience querying and analyzing logs within enterprise SIEM platforms (Splunk preferred).
- Deep understanding of common attack vectors, the MITRE ATT&CK framework, and enterprise security tools (EDR, Identity Providers, SASE/Firewalls).
- Experience investigating suspicious emails, analyzing headers, and extracting IOCs.
- Strong analytical and critical-thinking skills, with the ability to clearly articulate security risks to non-technical employees during an investigation.
- Excellent written and verbal communication skills in English for technical documentation and incident reporting.
- Experience operating within a SOAR-driven environment (e.g., Torq, Tines, XSOAR, Splunk SOAR).
- Experience querying high-volume application or observability logs (Logz.io, ElasticSearch, ELK).
- Familiarity with investigating cloud-native threats (AWS CloudTrail, IAM anomalies).
- Experience reading or writing basic scripts (Python, Bash) to assist in log parsing or automation.
- Relevant certifications (e.g., GCIA, GCIH, CySA+, or equivalent).
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
אונליין
אונליין