Detection Engineer

We’re looking for an exceptional Detection Engineer to join our growing R&D team at Mitiga.

Why Mitiga?

Mitiga is the industry's only complete solution for cloud threat detection, investigation, and response — built by investigators, for investigators. Mitiga supercharges today’s SOC teams with the cloud capabilities that enterprises have been missing, delivering broad visibility across clouds and SaaS, automation that speeds investigations, and rich context that informs cloud threat detection, hunting, and response. Together, Mitiga's capabilities minimize breach impact and enhance enterprises' cyber resilience. As an Innovation Sandbox Finalist at RSA 2024 and a new SYN Ventures portfolio company (Series B, January 2025), Mitiga is an innovator and pioneer in Cloud Security.

Mitiga is looking for a Detection Engineer to build high-fidelity Indicators of Attack (IOAs) that protect cloud environments at scale. In this role, you'll develop detection logic in PySpark that identifies sophisticated threats across cloud service providers, identity platforms, and SaaS applications. You'll work directly with native logs and telemetry from platforms like AWS, Azure, GCP, Okta, and M365 to catch attacks that traditional security tools miss. Your detections will be deployed across our customer base, directly impacting how organizations detect and respond to cloud-native threats.

What you'll do:

Develop and maintain IOAs in PySpark for cloud, SaaS, and IdP environments (AWS, Azure, GCP, Okta, M365, etc.)
Analyze attack techniques and threat intelligence to translate them into detections
Test, validate, and tune detection logic to reduce false positives while maintaining coverage
Stay current on cloud and SaaS attack patterns to identify detection gaps
Collaborate with the team to improve detection frameworks, workflows, and engineering standards

Requirements:

Who You Are:

3+ years building detections in a security context (SOC, threat detection, IR, or similar)
2+ years of proven strong Python skills and working knowledge of PySpark (Open Source contribution, active GitHub\Gitlab accounts, etc.)
Familiarity with common detection languages (KQL, SPL, Sigma, YARA, or similar)
Understanding of cloud architecture and how attackers move through cloud environments
Comfortable reading and interpreting logs from cloud providers, SaaS apps, and identity platforms
Clear communicator who can explain technical detection logic to different audiences
Self-driven and comfortable working independently in a remote setup

Some More Details and Perks:

Location: Tel Aviv, IL
Hybrid work environment
Competitive compensation package with stock options, educational fund, cibus.
Top of the line equipment

For more information, visit us at www.mitiga.io.

Mitiga is an equal opportunity employer, committed to diversity and inclusiveness and aim to attract, retain, and engage a diverse workforce. We consider all qualified applicants without regard to race, color, nationality, gender, gender identity, sexual orientation, religion, disability, age or any other characteristic protected by law.