דרושים » ניהול ביניים » Incident Response & Threat Hunting לארגון רפואי באזור המרכז

We're looking for a Senior Principal Threat Hunter to serve as a senior technical leader within our Cyber Defense Team team.

This is a high impact individual contributor role, you won't manage people, but you'll influence how we hunt, investigate

and respond to threats across cloud and SaaS environments at scale.

You'll be the person who takes a weak signal, a piece of emerging intelligence, or an unusual customer activity pattern and turns it into a meaningful investigation, a proactive hunt, or a new detection opportunity.

You'll lead the most complex investigations, drive threat intelligence initiatives, and help define the hunting methodologies that guide our customers' security outcomes.

As one of the team's most senior practitioners, you'll act as a force multiplier across hunting, intelligence, and incident response functions, elevating technical standards, mentoring peers, and helping shape the future of our detection and response capabilities.

What You'll Do
- Design and execute proactive threat hunts across cloud and SaaS environments (AWS, Azure, GCP, Okta, M365), grounded in current intelligence and ATT&CK-mapped adversary behavior.
- Mature and operate a recurring threat intelligence reporting function, turning intel into hunt leads, detection opportunities, and customer-facing narratives.
- Lead incident response investigations during US business hours, from scoping through root cause; step into the Incident Commander role when required.
- Continuously monitor threat detections and deliver responsive services with thorough event analysis and judgement.
- Triage and investigate security alerts across cloud and SaaS environments, separating true threats from noise and surfacing detection gaps to the detection engineering team.
- Leverage automation and AI tooling to scale impact, and propose improvements for processes, workflows, products, and policies.
- PLUS: Exposure to detection engineering, tooling and automation development, or prior managed services (MSSP) experience.

The Cyber Threat Intelligence Hunter will sit within Unit 42 Managed Threat Hunting and support proactive, intelligence-led hunting across customer environments. This role combines hands-on threat hunting with cyber threat intelligence analysis, helping multinational organizations stay one step ahead of adversaries and cyber threats.
Key Responsibilities
Analyze public and private threat intelligence, Unit 42 research, adversary campaigns, malware activity, infrastructure, indicators, and TTPs.
Translate threat intelligence into actionable hunting hypotheses, investigation workflows, hunting queries, and customer-facing findings.
Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting.
Investigate scheduled hunt detections and compose clear, professional reports when relevant.
Investigate hunting leads based on IOCs, threat intelligence, internal detections, customer telemetry, and emerging adversary behaviors.
Monitor the threat landscape and prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation and hunting.
Collaborate with threat hunters, detection engineers, incident responders, MDR, and Unit 42 researchers to operationalize intelligence quickly and effectively.
Escalate major, unclear, or high-impact security events to the Threat Hunting leadership team when necessary.
Provide ongoing feedback on findings, hunting reports, queries, intelligence workflows, and operational processes to support continuous improvement.

Join a team redefining cloud security operations across Cloud Detection & Response (CDR) and Cloud Security Posture Management (CSPM). Our team operates at the intersection of security, engineering, and large-scale cloud operations. We build products that help organizations detect threats faster, respond with confidence, continuously reduce risk, and secure modern cloud environments at scale. This is an opportunity to help shape the future of autonomous cloud defense by building technology that turns security signals into meaningful action.
Key Responsibilities
Help build the next generation of the Autonomous Cloud SOC by transforming detections, posture findings, and emerging threats into intelligent investigation and response workflows.
Design and build automated playbooks that investigate security signals, gather evidence, assess blast radius, validate risk, and guide or execute response actions.
Work across cloud control planes, identity systems, Kubernetes environments, network telemetry, and posture data to turn signals into high-confidence outcomes.
Leverage existing detections, continuously improve investigation logic, and ensure response workflows remain effective as cloud environments and attacker techniques evolve.

We are looking for a Security Engineer to join our Security Operations team and grow into our SOAR and automation specialist.

The team is responsible for monitoring our environments, identifying and responding to security alerts, and continuously improving how we detect and respond to threats. This role focuses on the automation side of the function: building the workflows that make the rest of the team faster, from automated alert triage to enrichment pipelines to response playbooks.

You will work closely with senior engineers on the team to build and maintain SOAR content, integrate our security tools, and support detection deployment efforts. This role offers a strong opportunity to grow professionally in the security field, with direct exposure to detection engineering, incident response, and a modern enterprise security stack.

How Will You Make an Impact?

Own day-to-day operation of our SOAR platform.

Build and maintain automation playbooks for alert triage, enrichment, ticketing, and notifications.

Build and maintain integrations between SOAR and the broader security stack via APIs.

Monitor integration health, API connections, and credential rotation across automated workflows.

Measure and report on automation impact: alerts auto-resolved, analyst time saved, and MTTR reduction.

Support detection engineering on testing, deployment, and rollout of new content.

Write small scripts to support ad-hoc threat hunting and IR work.

Create and maintain technical documentation for playbooks and integrations.

The Cortex Threat Intelligence team is responsible for maintaining an up-to-date overview of the ever-changing threat landscape and its effects on the Cortex product suite. This includes the collection, analysis, and dissemination of technical threat intelligence from multiple internal and external sources. As part of this role, you will identify detection opportunities, automate threat intelligence processes, and develop tools and methodologies to increase team productivity. our company's Cortex XDR is a market-leading platform with an almost unparalleled telemetry data lake. Our team is deeply data-driven; it is the ideal environment for analysts who are enthusiastic about data mining, tracking threat actors, and deconstructing complex cyberattacks.
Key Responsibilities
Monitor the global threat landscape using diverse sources to proactively identify potential coverage gaps and improve Cortex XDRs defensive posture.
Perform in-depth research into cyberattack techniques to provide actionable insights and suggestions for improving product capabilities.
Leverage our company's telemetry datasets to identify emerging attack patterns and hunt for novel threats.
Design and propose robust detection logic across multiple operating systems (Windows, macOS, Linux).
Partner with cross-functional teams within our company to communicate findings and co-develop security enhancements.
Transform technical intelligence into high-impact deliverables, including customer-facing reports, research articles for the company blog, or presentations at international security conferences.

We're looking for a Principal Cloud Security Researcher to serve as a senior technical leader within our Research team. This is a high-impact individual contributor role -- you won't manage people, but you'll shape the direction of our entire research function, mentor researchers, and act as a force multiplier across the organization.
You'll be the person who takes a vague threat signal and turns it into a detection strategy, a published finding, or a product capability. You'll operate as a trusted deputy to the research team lead, owning the most complex and ambiguous research challenges while raising the technical bar for the team.
What You'll Do
Drive Groundbreaking Research
Own and drive our most critical research initiatives end-to-end - from initial threat hypothesis through detection logic, product integration, and external publication.
Set the technical direction for cloud threat research across AWS, Azure, and GCP, identifying emerging attack surfaces and novel techniques before they become mainstream threats.
Investigate real-world cloud and SaaS security incidents, dissecting attacker tradecraft and extracting insights that evolve our detection capabilities.
Pioneer new forensic investigation techniques and detection methodologies for cloud-native and SaaS environments - pushing the state of the art, not just following it.
Be a Voice in the Community

Represent our company as a thought leader through high-quality research publications, conference presentations (BlackHat, DEF CON, RSA, fwd:cloudsec, and similar venues), and open-source contributions.
Build and maintain our reputation as a research-driven company that advances the field - not just a vendor with a blog.
Engage with the broader security research community, fostering relationships and collaborative knowledge-sharing.
Shape the Product

Bridge research and product - translate threat findings into actionable product requirements, working closely with engineering and product teams to ensure our CDR platform stays ahead of evolving threats.
Design and develop advanced detection algorithms that directly feed into our platform, closing the gap between research insight and customer protection.
Elevate the Team
Act as the team's go-to technical authority. When researchers hit a wall on complex cloud attack chains, IAM edge cases, or detection gaps - you're who they turn to.
Mentor and grow other researchers through research reviews, pair investigations, code reviews, and by setting quality standards and methodology best practices.
Influence technical decisions org-wide - contributing to architecture, tooling, and strategic research priorities.
Step in as the research team lead's deputy when needed - driving prioritization, representing research cross-functionally, and ensuring continuity.