Menu d'accessibilité passer au contenu
Information Security

SecOps Analyst

IL, Netanya (Hybrid)

Description

We are looking for a highly analytical and action-oriented SecOps Analyst to join our SecOps Team. As we expand into a 24/7 operational model, you will be on the front lines of defending our corporate infrastructure, large-scale cloud environments, and core product network against advanced threats.

Our team operates a flat, highly automated structure. We leverage a modern Automation platform to handle the noise, meaning your time will be spent conducting deep-dive investigations, proactive threat hunting, and working directly with our Detection Engineering team to continuously improve our automated defenses.


Responsibilities

  • Alert Triage & Deep Investigation: Serve as the primary investigator for high-fidelity security alerts escalated by our SOAR platform across our SIEM and application logging hubs.
  • Incident Response: Lead end-to-end investigations of suspected security incidents (e.g., compromised identities, malware, phishing, cloud anomalies, and API abuse), executing containment and remediation runbooks.
  • Proactive Threat Hunting: Design and execute threat hunting campaigns across our EDR, Identity, and AWS cloud logs to uncover sophisticated threats that bypass automated detections.
  • Application Security Monitoring: Monitor custom, proprietary application logs and web access traffic to detect and mitigate insider threats, tenant abuse, and unauthorized data scraping.
  • Phishing & User Defense: Manage the abuse mailbox, analyze suspicious emails, extract malicious payloads/URLs, and execute rapid takedowns.
  • Detection Tuning Loop: Partner directly with the Detection & Automation Engineer to identify False Positives, refine SIEM queries, and suggest logic improvements for automation playbooks.
  • On-Call Rotation: Participate in the rotating on-call schedule to provide escalation support for our NOC during critical off-hours incidents.

Requirements

  • 2+ years of hands-on experience in a Security Operations Center (SOC), Incident Response, or Cyber Threat Intelligence role.
  • Strong experience querying and analyzing logs within enterprise SIEM platforms (Splunk preferred).
  • Deep understanding of common attack vectors, the MITRE ATT&CK framework, and enterprise security tools (EDR, Identity Providers, SASE/Firewalls).
  • Experience investigating suspicious emails, analyzing headers, and extracting IOCs.
  • Strong analytical and critical-thinking skills, with the ability to clearly articulate security risks to non-technical employees during an investigation.
  • Excellent written and verbal communication skills in English for technical documentation and incident reporting.


Advantage

  • Experience operating within a SOAR-driven environment (e.g., Torq, Tines, XSOAR, Splunk SOAR).
  • Experience querying high-volume application or observability logs (Logz.io, ElasticSearch, ELK).
  • Familiarity with investigating cloud-native threats (AWS CloudTrail, IAM anomalies).
  • Experience reading or writing basic scripts (Python, Bash) to assist in log parsing or automation.


  • Relevant certifications (e.g., GCIA, GCIH, CySA+, or equivalent).
Retour à la page des carrières

Postuler pour ce poste