Tel Aviv-Yafo, Tel Aviv District, Israel Security Research Principal Engineer

Tel Aviv-Yafo, Tel Aviv District, Israel

Established in 2022, Guardz rapidly emerged as a noteworthy player in the cybersecurity sphere, securing $85M in funding and rallying a dedicated team of 100 industry professionals. Our vision is to foster a safer digital landscape for small and medium businesses across the globe. To this end, we introduced our comprehensive all-in-one Secure & Insure platform, and continue to grow and expand our team, our partnerships and our revenue.

We are seeking a highly skilled and visionary Security Research Principal Engineer to join the Guardz Research Unit. This role is designed for a seasoned professional who excels at both deep security research and engineering execution, driving the future of Guardz’s defensive capabilities.
As a technical leader, you will investigate advanced threats, design detection methodologies, and architect security solutions that directly shape our product defenses. You will operate at the intersection of research and engineering, ensuring that cutting-edge insights translate into scalable protections across cloud, identity, and endpoint environments.
This is a hands-on role that combines research, engineering, and strategic impact. You will not only uncover adversary techniques but also drive the technical design of defenses and influence the broader security strategy across Guardz’s product lines.

Responsibilities:

Design and implement detection-as-code workflows (e.g., GitHub-based pipelines) to automate the lifecycle of rules, detections, and playbooks.
Engineer scalable detection and prevention mechanisms by transforming research insights into robust, automated product capabilities.
Build and optimize data pipelines and queries (BigQuery, SQL) to uncover patterns, correlate signals, and validate detection logic at scale.
Develop production-ready Python scripts, libraries, and automation tools that enhance Guardz’s research and detection engines.
Lead advanced research on adversary behaviors and attack techniques across endpoints, cloud, and identity systems.
Investigate abuse patterns, misconfigurations, and security gaps in environments including Microsoft 365, Google Workspace, and Entra ID.
Architect and maintain repositories of reusable detection logic, ensuring high code quality, testing, and CI/CD integration.
Collaborate closely with product and engineering teams to embed research-driven security controls into scalable, high-performance solutions.

Requirements:

5+ years of combined experience in security research and engineering, with a proven track record of building and deploying detection systems at scale.
Hands-on expertise in detection-as-code practices, including version control (GitHub), CI/CD pipelines, and automated testing of detection logic.
Strong programming skills in Python, with experience developing reusable libraries, automation frameworks, and production-quality tooling.
Advanced proficiency in SQL and BigQuery (or similar data platforms) for large-scale telemetry analysis, correlation, and threat hunting.
Solid experience analyzing and responding to endpoint and cloud threats, including malware, ransomware, and identity abuse.
A deep technical knowledge across cloud (Microsoft 365, Google Workspace, Entra ID), endpoint, and identity security.
Familiarity with cybersecurity frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and experience mapping detections to them.
Strong understanding of detection architectures and platforms (XDR, SIEM, SOAR, EDR, email security).
Experience with red-teaming, adversary emulation, or penetration testing in enterprise environments.
Excellent communication and cross-team collaboration skills, with the ability to translate technical insights into product impact.

Preferred:

Experience architecting and operating AI-powered SOCs (AI-SOC), leveraging LLMs and agentic workflows for automated detection, triage, and response.
Ability to design, deploy, and tune AI-driven threat hunting playbooks that correlate telemetry across cloud, identity, and endpoint.
Proven ability to develop custom AI/ML models for anomaly detection, behavioral analysis, and predictive incident response.