דרושים » אבטחת מידע וסייבר » Threat Intelligence Researcher- CTI

משרות על המפה
 
בדיקת קורות חיים
VIP
הפוך ללקוח VIP
רגע, משהו חסר!
נשאר לך להשלים רק עוד פרט אחד:
 
שירות זה פתוח ללקוחות VIP בלבד
AllJObs VIP
כל החברות >
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
לפני 23 שעות
Location: Tel Aviv-Yafo
Job Type: Full Time
Required Threat Intelligence Researcher- CTI
We are on an expedition to find you, someone who is passionate about turning research into reliable, production-grade capabilities. Youll play a major role in building and shaping our next-gen CTI platform across attribution, pivoting, infrastructure prediction, EASM, and the STIX/OpenCTI knowledge base.
Responsibilities
Execute the CTI research roadmap across attribution, infra prediction, EASM, and the STIX knowledge base.
Design and implement graph-pivoting, attribution heuristics, and temporal/link models (sequence/survival/Hawkes-style).
Build high-signal EASM detectors: passive discovery and safe active probing per ROE; capture reproducible evidence.
Normalize, enrich, and deduplicate intel into STIX 2.1 aligned to our ontology; maintain/enhance TAXII/OpenCTI/MISP connectors.
Ship detectors/models and enrichment services with AI/Platform teams; contribute tests, docs, and runbooks.
Curate datasets, define ground truth, and evaluate KPIs (coverage, lead-time, precision/recall, FPR); iterate to improve signal-to-noise.
Produce watchlists, concise briefs, and early-warning hypotheses for stakeholders and priority investigations.
Uphold governance, ethics, provenance, and data-quality standards.
Requirements:
4-7+ years in CTI/EASM/offensive research or adversary-infra analysis.
DNS, BGP/ASNs, TLS/PKI & CT logs, hosting/CDN/cloud patterns, domain lifecycle, phishing ecosystems.
Communities/embeddings/clustering; temporal/link modeling and practical evaluation.
Passive discovery and safe active probing; evidence discipline and noise reduction.
STIX 2.1, ATT&CK, TAXII; advantage for OpenCTI/MISP; ontology alignment and validation.
Python (pandas, notebooks, scikit-learn, networkx/igraph); Neo4j/Elasticsearch; Kafka/SQS/Redis; Docker/Kubernetes.
Prompting/tool-use for extraction/normalization; agentic patterns with guardrails and sanity checks.
Analytical writing; collaborative, version-controlled workflow (Git); documentation rigor.
This position is open to all candidates.
 
Hide
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8723182
סגור
שירות זה פתוח ללקוחות VIP בלבד
משרות דומות שיכולות לעניין אותך
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
3 ימים
Location: Tel Aviv-Yafo
Job Type: Full Time
The Threat Intelligence group, a key member of the company Research department, leads global threat research efforts, and improves threat coverage across the evolving cyber threat landscape.
The group focuses on understanding and tracking cybercriminal organizations, nation-state (APT) actors, hacktivist activity, active malware campaigns, and emerging adversary trends. The research produced by the team supports both strategic insight and the development of advanced security technologies.
This role is responsible for conducting in-depth cyber threat landscape research and owning the full intelligence research lifecycle-from intelligence collection through analysis and written output.
Key Responsibilities
Research and analyze cyber threat actors.
Be the first to flag trends, new malware, threat actors and intelligence items that stand out in the crowd
Execute the full intelligence research lifecycle:
Monitoring and analyzing the digital underground - including the DarkNet, the DeepWeb, and other open and restricted sources
Gather & flag intelligence that stands out.
Assess, validate, and refine raw information into high-confidence insights
Produce clear, well-structured written research and threat assessments
Build, maintain, and continuously evaluate a diverse set of reliable intelligence sources
Identify long-term trends, relationships, and shifts in adversary behavior
Conduct deep intelligence collection operations and collect proprietary intelligence
Collaborate with other researchers and internal stakeholders to contextualize findings and improve threat coverage
Maintain high analytical and research standards, including sourcing, attribution, and methodological rigor.
Requirements:
At least 3 years of experience in Cyber Threat Intelligence (CTI) or cyber threat research
Deep understanding of cyber threat landscape and cybercriminal and hacktivists ecosystems: actors and groups, motivations and goals, tools and capabilities, attacks and campaigns
Proven experience across the full threat intelligence research lifecycle (collection, validation, analysis, production, and dissemination)
Strong WEBINT research and virtual HUMINT operations skills, including source discovery, validation, and long-term source management.
Excellent analytical abilities, strong attention to detail, and critical thinking skills
Strong written communication skills, with the ability to present complex research clearly and accurately
Ability to work independently as well as collaboratively within a research team
Big Plus
Knowledge of Russian, Spanish, Portuguese or Mandarin.
Familiarity with MITRE ATT&CK or similar frameworks
Experience publishing external threat research.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8721018
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
לפני 23 שעות
Location: Tel Aviv-Yafo
Job Type: Full Time
Required Senior Threat Intelligence Researcher
As a Senior Threat Intelligence Researcher, you will be responsible for tracking advanced adversaries and leveraging your deep technical expertise across attacker capabilities, infrastructure, and tactics. You will create and refine approaches to uncover and monitor active threat actors, as well as surface irregular and emerging behaviors in the broader threat landscape. The intelligence you generate will directly strengthen our understanding of threat actors and will inform proactive hunting, detection engineering, and defensive decision-making.
Responsibilities
Lead complex threat intelligence investigations through in-depth analysis of the global threat landscape, with a focus on advanced and state-linked actors.
Define and prioritize threat research focus areas (actors, campaigns, sectors, techniques) aligned with our customers and product roadmap.
Deliver actionable cyber threat intelligence and design and execute hunting campaigns using analytics, automation, and advanced AI capabilities.
Curate and maintain structured knowledge on actors, campaigns, infrastructure, and TTPs in our internal threat knowledge base.
Work closely with CyberAI researchers on the development of next-generation artificial cyber researchers and AI-driven analysis capabilities.
Requirements:
7+ years of experience in cyber security, with significant hands-on experience in threat intelligence research focused on APTs or state-linked actors.
Detailed understanding of existing APT groups historical activities, TTPs, motivations, and targeting patterns.
Strong investigative mindset, high level of intellectual curiosity, and comfort working with incomplete or ambiguous data.
Proficiency in infrastructure research, including WHOIS, passive DNS, SSL certificate analysis, BGP/ASN data, and platforms such as Censys and VirusTotal.
Strong written and verbal communication skills, with experience producing clear and concise threat intelligence reports or briefs.
Experience in software development and data analysis (e.g., Python, Jupyter, or similar) to support investigations and hypothesis testing.
Experience researching or defending government or critical infrastructure organizations- Advantage.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8723230
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
22/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
We are seeking a Principal/Senior Security Researcher to lead proactive research into emerging abuse patterns across agentic and modern endpoint environments. This includes browser extensions, SaaS- and web-delivered code, autonomous agents, MCPs and related tooling, and other forms of non-binary software that do not fit neatly into a traditional malware-focused model.
In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.
You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
Key Responsibilities
Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.
Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.
Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.
Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.
Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.
Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.
Requirements:
At least 4-5 years in cybersecurity with a track record of principal-level ownership in security research, threat research, threat intelligence, detection engineering, incident response, or a closely related discipline: self-directed programs, technical leadership on hard problems, and sustained impact on product or operations.
Demonstrated depth in offensive tradecraft and how it manifests in modern endpoint, SaaS/browser, or adjacent telemetry, not limited to commodity malware workflows.
Strong hands-on technical skills: scripting for analysis (e.g., Python), SQL, investigative query languages analysis, and low-level inspection of behaviors and artifacts appropriate to principal-level research.
Proven ability to initiate research from weak signals or open questions, not only execute on predefined queues; comfort operating with incomplete data and tightening rigor over time.
Excellent written and verbal communication; ability to persuade cross-functional partners and explain strategic tradeoffs among threat coverage and detection quality, false positives, analyst and engineering workload, and system performance at scale.
Experience collaborating with senior engineering and product leaders to land complex changes; judgment on when to ship, when to instrument further, and when to stop a line of inquiry.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8705670
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
We are seeking a Principal/Senior Security Researcher to lead proactive research into emerging abuse patterns across agentic and modern endpoint environments. This includes browser extensions, SaaS- and web-delivered code, autonomous agents, MCPs and related tooling, and other forms of non-binary software that do not fit neatly into a traditional malware-focused model.
In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.
You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
Key Responsibilities
Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.
Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.
Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.
Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.
Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.
Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.
Requirements:
At least 4-5 years in cybersecurity with a track record of principal-level ownership in security research, threat research, threat intelligence, detection engineering, incident response, or a closely related discipline: self-directed programs, technical leadership on hard problems, and sustained impact on product or operations.
Demonstrated depth in offensive tradecraft and how it manifests in modern endpoint, SaaS/browser, or adjacent telemetry, not limited to commodity malware workflows.
Strong hands-on technical skills: scripting for analysis (e.g., Python), SQL, investigative query languages analysis, and low-level inspection of behaviors and artifacts appropriate to principal-level research.
Proven ability to initiate research from weak signals or open questions, not only execute on predefined queues; comfort operating with incomplete data and tightening rigor over time.
Excellent written and verbal communication; ability to persuade cross-functional partners and explain strategic tradeoffs among threat coverage and detection quality, false positives, analyst and engineering workload, and system performance at scale.
Experience collaborating with senior engineering and product leaders to land complex changes; judgment on when to ship, when to instrument further, and when to stop a line of inquiry.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8718624
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
What you will do
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.
Requirements:
Required qualifications
Demonstrable experience in cyber threat research, threat intelligence, or detection engineering (commercial, government, or high-quality independent research).
Strong understanding of offensive techniques and how they appear in endpoint, identity, or SaaS/browser telemetry-not only classic PE malware.
Proficiency in scripting for analysis (e.g., Python), SQL, SIEM or equivalent investigative query languages, and low-level inspection of behaviors relevant to threat research and detection.
Excellent written communication; ability to explain tradeoffs between precision, coverage, and operational load.
Collaborative mindset; experience working with engineering teams on shipped features or detections.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8716865
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
we are looking for a Lead Security Researcher - AI Threat Intelligence. This key position within the threat intelligence group will be in charge of analyzing the vast amount of data that is managed by our company, develop threat intelligence on adversarial TTPs (tactics, techniques and procedures) and generate reports, presentations and blogs on anomalies and tools identified.
This role goes beyond the analyst role, as a key member of the team the threat intelligence researcher will work with internal security teams, network data, underground intelligence teams and much more, performing cutting edge research followed by presenting the research externally via various mediums.
Responsibilities:
Lead threat intelligence research focused on AI-related threats, threat actors, attack techniques, and emerging cybersecurity trends
Analyze internal and external security data to identify attack patterns, campaigns, and actionable intelligence
Explore large-scale datasets using SQL and other data analysis methods to generate research insights
Build tools, workflows, and agentic systems to automate research, investigation, and intelligence production
Research how attackers use AI and how AI can improve threat detection, investigation, and response
Publish high-quality research, including blogs, reports, threat intelligence summaries, and customer-facing insights
Present research at cybersecurity conferences, webinars, company events, and customer-facing sessions
Collaborate with product, data, engineering, and research teams to improve detections and product intelligence
Independently lead research initiatives from idea and data exploration to publication and presentation.
Travel internationally for company events and cybersecurity conferences at least six times per year.
Requirements:
At least 5 years of hands-on experience in cybersecurity, threat intelligence, security research, or security analysis
Strong understanding of the cybersecurity threat landscape, including threat actors, malware, phishing, C&C, exploitation, cloud threats, and attacker behavior
Proven experience in threat intelligence research, including IOCs, TTPs, MITRE ATT&CK, campaign tracking, and threat actor profiling
Strong data exploration skills, with practical experience using SQL to analyze large-scale security datasets
Experience using AI tools, AI coding assistants, and agentic workflows for research, automation, and data analysis
Ability to build scripts, internal tools, or agentic systems to support threat research and intelligence workflows
Strong technical writing skills, with experience publishing blogs, reports, whitepapers, or public research
Strong presentation skills, with the ability to represent the company at conferences and external events
Self-learner with high curiosity, strong ownership, and the ability to manage complex research independently
Ability to collaborate effectively with cross-functional teams, including product, engineering, and data teams
Fluent English with excellent written and verbal communication skills
Willingness to travel abroad for conferences, customer events, and company events at least six times per year
Advantageous:
Experience researching AI threats, LLM abuse, AI-assisted attacks, or AI-powered detection
Experience building agentic systems, automation frameworks, or AI-based research workflows
Background in engineering, backend systems, data infrastructure, or security platform development
Experience with data warehouses, BI tools, notebooks, or large-scale telemetry analysis
Experience with XDR, MDR, SIEM, EDR, NDR, SASE, or cloud security products.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8707062
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
22/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
we are seeking a Senior Threat Hunting Researcher for Unit 42s Managed Services group, a senior hands-on role combining threat hunting, detection engineering, and incident investigation experience. You will proactively hunt across diverse telemetry to identify suspicious behaviors and emerging threats that evade traditional security. A key part of the role is translating low-fidelity signals into high-fidelity hunting logic and reusable detection opportunities. You will collaborate with multiple teams to share findings, explain coverage, and support response and improvement efforts.
Key Responsibilities
Proactively hunt for suspicious behaviors, malware activity, threat actor tradecraft, and emerging campaign patterns across large-scale customer telemetry.
Build, validate, and tune hunting and detection logic across multiple data sources and security products.
Translate low-fidelity signals, alerts, incidents, and coverage gaps into high-fidelity hunting content and reusable detection opportunities.
Investigate suspicious activity using available telemetry and clearly communicate findings, limitations, and recommended next steps.
Improve detection quality by reducing false positives, increasing signal fidelity, and identifying meaningful coverage gaps.
Collaborate with MDR, Incident Response, Threat Intelligence, Product, and Engineering to improve protection and operational scalability.
Deliver clear, evidence-based reports and technical findings that help customers understand risk and improve defenses.
Requirements:
6+ years of hands-on cybersecurity experience across threat hunting, incident response, detection development, security research, SOC, or related security operations.
Strong understanding of attacker tradecraft, threat hunting methodologies, incident investigation workflows, and behavior-based detection concepts.
Hands-on experience with XDR, EDR, SIEM, cloud, identity, or similar security platforms, including alert investigation, telemetry analysis, and detection validation.
Proven experience writing complex hunting, detection, or correlation logic using XQL, SQL, KQL, SPL, or similar query languages.
Ability to translate low-fidelity signals, alerts, incidents, threat intelligence, and coverage gaps into high-fidelity hunting logic and reusable detection opportunities.
Experience creating, tuning, or validating hunting and detection content, including scheduled queries, analytics rules, BIOCs, correlation rules, or similar detection logic.
Strong understanding of detection quality concepts, including true-positive and false-positive analysis, signal-to-noise ratio, tuning, coverage gaps, and operational scalability.
Strong analytical, research, documentation, and communication skills, with the ability to clearly explain technical findings, detection assumptions, and coverage limitations.
Self-starter with strong attention to detail, ownership mindset, and ability to work independently in a fast-changing environment.
Preferred Qualifications
Python, SQL, notebooks, automation, or big-data hunting experience.
Experience with data science, statistics, anomaly detection, clustering, scoring, behavioral baselining, or other analytical hunting techniques.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8705673
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time and Hybrid work
We are looking for a Senior Detection Researcher to join us and play a key role in designing the next generation of our detection and enforcement systems.
What You'll Do:
Lead research initiatives to design, implement, and deploy innovative detection methods at scale, from early-stage discovery to production rollout.
Investigate adversarial attack patterns, dissect how threat actors operate, and develop countermeasures that are resilient to adaptation and evasion.
Engineer and curate features across large-scale data pipelines (Reputation signals, behavioral signals, network-level attributes) to fuel detection models and algorithms and reputation systems.
Collaborate closely with engineering, product, security research, data science, and incident response teams to translate research findings into production-grade enforcement rules and models.
Leverage AI tools daily to maximize output and drive high-quality results
Own end-to-end customer-facing research for strategic accounts. conduct deep-dive traffic analysis, resolve complex escalations, and drive detection improvements based on real-world adversarial activity.
Contribute to the team's detection quality practices by reviewing colleagues' work, monitoring production anomalies, and iterating on precision/recall trade-offs.
Requirements:
5+ years of experience working with data at scale: strong proficiency in SQL and Python and comfort handling large, complex datasets.
A researcher mindset. You know how to formulate hypotheses, design experiments, and turn ambiguous problems into measurable outcomes.
Demonstrated ability to solve real-world problems through data-driven analysis and creative thinking.
Deep curiosity about how the internet works, with a solid understanding of HTTP, web protocols, and client-server interactions.
Strong sense of ownership: you hold yourself accountable for accuracy and impact, and you proactively look for ways to improve.
Great communication skills: able to convey technical findings clearly to both technical and non-technical stakeholders.
A collaborative team player who thrives in a fast-paced, cross-functional environment.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8718504
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
22/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
What you will do
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.
Requirements:
Demonstrable experience in cyber threat research, threat intelligence, or detection engineering (commercial, government, or high-quality independent research).
Strong understanding of offensive techniques and how they appear in endpoint, identity, or SaaS/browser telemetry-not only classic PE malware.
Proficiency in scripting for analysis (e.g., Python), SQL, SIEM or equivalent investigative query languages, and low-level inspection of behaviors relevant to threat research and detection.
Excellent written communication; ability to explain tradeoffs between precision, coverage, and operational load.
Collaborative mindset; experience working with engineering teams on shipped features or detections.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8705185
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
we are seeking a Senior Threat Hunting Researcher for Unit 42s Managed Services group, a senior hands-on role combining threat hunting, detection engineering, and incident investigation experience. You will proactively hunt across diverse telemetry to identify suspicious behaviors and emerging threats that evade traditional security. A key part of the role is translating low-fidelity signals into high-fidelity hunting logic and reusable detection opportunities. You will collaborate with multiple teams to share findings, explain coverage, and support response and improvement efforts.
Key Responsibilities
Proactively hunt for suspicious behaviors, malware activity, threat actor tradecraft, and emerging campaign patterns across large-scale customer telemetry.
Build, validate, and tune hunting and detection logic across multiple data sources and security products.
Translate low-fidelity signals, alerts, incidents, and coverage gaps into high-fidelity hunting content and reusable detection opportunities.
Investigate suspicious activity using available telemetry and clearly communicate findings, limitations, and recommended next steps.
Improve detection quality by reducing false positives, increasing signal fidelity, and identifying meaningful coverage gaps.
Collaborate with MDR, Incident Response, Threat Intelligence, Product, and Engineering to improve protection and operational scalability.
Deliver clear, evidence-based reports and technical findings that help customers understand risk and improve defenses.
Requirements:
6+ years of hands-on cybersecurity experience across threat hunting, incident response, detection development, security research, SOC, or related security operations.
Strong understanding of attacker tradecraft, threat hunting methodologies, incident investigation workflows, and behavior-based detection concepts.
Hands-on experience with XDR, EDR, SIEM, cloud, identity, or similar security platforms, including alert investigation, telemetry analysis, and detection validation.
Proven experience writing complex hunting, detection, or correlation logic using XQL, SQL, KQL, SPL, or similar query languages.
Ability to translate low-fidelity signals, alerts, incidents, threat intelligence, and coverage gaps into high-fidelity hunting logic and reusable detection opportunities.
Experience creating, tuning, or validating hunting and detection content, including scheduled queries, analytics rules, BIOCs, correlation rules, or similar detection logic.
Strong understanding of detection quality concepts, including true-positive and false-positive analysis, signal-to-noise ratio, tuning, coverage gaps, and operational scalability.
Strong analytical, research, documentation, and communication skills, with the ability to clearly explain technical findings, detection assumptions, and coverage limitations.
Self-starter with strong attention to detail, ownership mindset, and ability to work independently in a fast-changing environment.
Preferred Qualifications
Python, SQL, notebooks, automation, or big-data hunting experience.
Experience with data science, statistics, anomaly detection, clustering, scoring, behavioral baselining, or other analytical hunting techniques.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8718630
סגור
שירות זה פתוח ללקוחות VIP בלבד