דרושים » אבטחת מידע וסייבר » Incident Response Engineer

משרות על המפה
 
בדיקת קורות חיים
VIP
הפוך ללקוח VIP
רגע, משהו חסר!
נשאר לך להשלים רק עוד פרט אחד:
 
שירות זה פתוח ללקוחות VIP בלבד
AllJObs VIP
כל החברות >
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
לפני 16 שעות
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time
We are seeking an Incident Response Engineer to join the IR team. This technical role focuses on active investigation, threat mitigation, and the continuous improvement of the security organizations posture through detection engineering and automation development.

The successful candidate will be responsible for the full lifecycle of security incidents, from initial triage to recovery. Beyond reactive response, this role involves tuning SIEM correlation rules and developing SOAR workflows to increase operational efficiency.

What Youll Be Doing
Incident Management: Execute the IR lifecycle (Triage, Containment, Eradication, Recovery) for complex security events.
Technical Investigation: Perform root cause analysis and forensic examination across Windows, Mac, and Linux environments.
Detection & Tuning: Collaborate with the IR team to create, test, and tune SIEM rules and dashboards to reduce false positives and improve visibility.
Automation Engineering: Build and refine SOAR playbooks and automated response actions to streamline repetitive investigation tasks.
Cloud Security: Monitor and mitigate cloud-native threats across Azure, AWS, and GCP environments.
Requirements:
Requirements
Experience as a SecOps/IR Analyst or Engineer with a heavy focus on active investigation.
Deep understanding of the Incident Response lifecycle (Triage, Containment, Eradication, Recovery).
Hands-on experience handling and managing security alerts, performing root cause analysis, and leading investigations.
Experience working across cloud providers (Azure, AWS, GCP) to identify and mitigate cloud-native threats.
Strong knowledge of operating systems (Mac, Windows, Linux) and their respective artifacts.
Proficiency with Splunk or other SIEM platforms for log analysis and threat hunting.
Experience with XSOAR or other security automation tools from an end-user/analyst perspective.
Strong knowledge of security technologies, including EDR, Mail Relay, Vulnerability Scanning, Secure Access, and MDM.
Scripting experience with Python or Bash to assist in data parsing and investigation tasks.

Nice to Have
Detection Engineering: Ability to build and improve SIEM rules, correlations, and dashboards.
Automation Development: Experience developing new SOAR workflows, automated actions, and response playbooks.
Technical Literacy: Familiarity with REST APIs and Regex for advanced querying and tool integration.
Container Security: Familiarity and experience with K8S (Kubernetes).
Consultative Skills: Ability to guide best practices in Cloud Security and SIEM operations.
This position is open to all candidates.
 
Hide
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8738196
סגור
שירות זה פתוח ללקוחות VIP בלבד
משרות דומות שיכולות לעניין אותך
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
29/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
As a Security Operations & Automation, you'll be the hands-on architect of how Port detects, investigates, and responds to threats - built around AI agents and deep tooling integrations, not manual triage. You'll own incident response across corporate systems, workstations, and identity, unify alerts from every source - including cloud-originated signals that need a response - into a single SOAR/XDR fabric, and deploy AI agents to handle first-line investigation and response.

You'll work closely with IT and the Cloud Security team - taking the lead on investigation, triage, and response while they own the underlying cloud and SDLC architecture - and turn complex security signals into structured, AI-assisted, largely autonomous outcomes - fighting fire with fire.



Responsibilities

Architect and own Port's AI-driven detection and response stack, integrating SIEM, XDR, SOAR, EDR, and IAM into a single automated fabric rather than siloed tools.
Deploy and tune AI agents to handle first-line alert triage, enrichment, and investigation, with humans engaged only for true edge cases - manual L1 triage is the exception, not the default.
Build SOAR playbooks and integrations across the security and IT toolchain (endpoint, identity, ticketing, chat) so detection, enrichment, and remediation run automatically end to end - regardless of which system or platform an alert originates from.
Own the alert pipeline as a whole: unify signals from EDR, IAM, and other sources - including cloud and SaaS alerts surfaced by the Cloud Security team - into one triage and response workflow, so nothing falls through the cracks between tools.
Evaluate and integrate best-of-breed, AI-native security tools - SIEM, XDR, SOAR, EDR, email security, AI guardrails, ZTNA, and others - wiring each into the unified detection and response fabric rather than running them as siloed point solutions. Hands-on tool integration (APIs, connectors, log and telemetry ingestion) is a core skill for this role, not an occasional task.
Drive vulnerability and patch management across corporate systems and endpoints, automating prioritization and remediation workflows and coordinating with IT against strict SLAs.
Build and tune detection rules specific to Port's environment, treating detection as code and feeding AI-driven correlation across the XDR layer.
Maintain security dashboards (MTTD/MTTR, automation rate, % of alerts resolved without human touch) and report on how automation is cutting noise and response time.
Requirements:
3+ years of experience in security operations, SecOps, or security engineering roles.
Hands-on experience operating EDR/XDR. SOAR/XSOAR, SIEM platforms and cloud security services (IAM, CSPM, SSPM).
Experience building automations and playbooks using SOAR platforms or scripting (Python, Bash).
Strong incident response skills, including triaging alerts and conducting root cause analysis.
Hybrid position based in our Tel Aviv office.
Excellent written and verbal English skills
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8715686
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
22/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
You will work firsthand with our valued customers to address their complex post-sales concerns where analysis of situations or data requires an in-depth evaluation of many factors. Youre a critical thinker in understanding the methods, techniques, and evaluation criteria for obtaining results. Youll enjoy networking with key contacts outside your own area of expertise, with a strong capability of detailing difficult technical issues to both non-technical and technical professionals.
You will regularly participate in technical discussions with multi-functional teams, creating an environment of transparency that ultimately leads to better products, better working environments, and better cybersecurity. Your quick thinking and support to our clients provides the fast assistance they need to keep their environments secure - which means youll need to move quickly, thoughtfully, and provide technical assistance as needed (often, in high pressure situations).
Your Impact
Provide customers on-site support, deployment and implementation, knowledge transfer, configurations, troubleshooting, and standard methodologies to customers via phone, e-mail, and web.
Use fault isolation and root cause analysis skills to diagnose and tackle complicated technical issues
Provide post sales technical support, while handling support cases to ensure issues are recorded, tracked, resolved, and follow-ups finished in a timely manner
Work to reproduce customer issues and qualify critical issues
Publish Technical Support Bulletins and other user documentation in the Knowledge Base
Build a positive customer experience by working closely with Development, Sales, Quality Assurance, and Marketing
Responsible for reviewing user documentation for training materials, technical marketing collateral, manuals, problem solving guides, etc.
Provide on-call support 24x7 on an as needed basis
Travel may be required to customer sites in the event of a critical situation to expedite resolution
Work shoulder to shoulder with the Sales and Sales Engineering Teams.
Requirements:
Your Experience
4+ years of deep technical knowledge and technical support with a strong customer focus or related experience
Experience with automation and orchestration concepts, including scripting, API usage, and workflow design; experience with SOAR platforms such as Cortex XSOAR - advantage
Proficiency with SIEM and analytics platforms such as IBM QRadar, Splunk, ArcSight, FortiSIEM, Trellix, and Cortex XSIAM, including parsing, correlation, data modeling, and dashboard development.
Hands-on experience deploying and supporting Endpoint security technologies and solutions, including EDR/XDR, SOAR, and SIEM platforms. (our company XDR, McAfee Endpoint Security, Data Loss Prevention (DLP), CrowdStrike, and Symantec products)
Strong scripting and automation skills using Python, Bash, and Powershell.
Experience building queries, correlations, detections, and dashboards in SIEM or analytics platforms.
Understanding of security detections, alerting, incident response workflows, and threat analysis methodologies, including familiarity with MITRE ATT&CK.
Experience investigating issues and incidents across network, endpoint, cloud, and identity domains, with the ability to identify root cause and reduce false positives.
Strong knowledge of networking technologies and protocols, including DNS, IP routing, SSH, FTP, HTTP/HTTPS, email routing, and Internet security.
Proven experience deploying, maintaining, and troubleshooting multi-vendor firewall environments, including Cisco, Check Point, Juniper, and Fortinet. Experience with our company NGFW and VM-Series is a strong advantage.
Proficiency with Windows, Linux, macOS, iOS, and Android, including installation, troubleshooting, and debugging.
Experience with enterprise deployment and management tools such as SCCM, Group Policy, Active Directory, and JAMF.
Knowledge of cloud platforms such as AWS, Azure, and GCP.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8705046
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
You will work firsthand with our valued customers to address their complex post-sales concerns where analysis of situations or data requires an in-depth evaluation of many factors. Youre a critical thinker in understanding the methods, techniques, and evaluation criteria for obtaining results. Youll enjoy networking with key contacts outside your own area of expertise, with a strong capability of detailing difficult technical issues to both non-technical and technical professionals.
You will regularly participate in technical discussions with multi-functional teams, creating an environment of transparency that ultimately leads to better products, better working environments, and better cybersecurity. Your quick thinking and support to our clients provides the fast assistance they need to keep their environments secure - which means youll need to move quickly, thoughtfully, and provide technical assistance as needed (often, in high pressure situations).
Your Impact
Provide customers on-site support, deployment and implementation, knowledge transfer, configurations, troubleshooting, and standard methodologies to customers via phone, e-mail, and web.
Use fault isolation and root cause analysis skills to diagnose and tackle complicated technical issues
Provide post sales technical support, while handling support cases to ensure issues are recorded, tracked, resolved, and follow-ups finished in a timely manner
Work to reproduce customer issues and qualify critical issues
Publish Technical Support Bulletins and other user documentation in the Knowledge Base
Build a positive customer experience by working closely with Development, Sales, Quality Assurance, and Marketing
Responsible for reviewing user documentation for training materials, technical marketing collateral, manuals, problem solving guides, etc.
Provide on-call support 24x7 on an as needed basis
Travel may be required to customer sites in the event of a critical situation to expedite resolution
Work shoulder to shoulder with the Sales and Sales Engineering Teams.
Requirements:
4+ years of deep technical knowledge and technical support with a strong customer focus or related experience
Experience with automation and orchestration concepts, including scripting, API usage, and workflow design; experience with SOAR platforms such as Cortex XSOAR - advantage
Proficiency with SIEM and analytics platforms such as IBM QRadar, Splunk, ArcSight, FortiSIEM, Trellix, and Cortex XSIAM, including parsing, correlation, data modeling, and dashboard development.
Hands-on experience deploying and supporting Endpoint security technologies and solutions, including EDR/XDR, SOAR, and SIEM platforms. (Palo Alto Cortex XDR, McAfee Endpoint Security, Data Loss Prevention (DLP), CrowdStrike, and Symantec products)
Strong scripting and automation skills using Python, Bash, and Powershell.
Experience building queries, correlations, detections, and dashboards in SIEM or analytics platforms.
Understanding of security detections, alerting, incident response workflows, and threat analysis methodologies, including familiarity with MITRE ATT&CK.
Experience investigating issues and incidents across network, endpoint, cloud, and identity domains, with the ability to identify root cause and reduce false positives.
Strong knowledge of networking technologies and protocols, including DNS, IP routing, SSH, FTP, HTTP/HTTPS, email routing, and Internet security.
Proven experience deploying, maintaining, and troubleshooting multi-vendor firewall environments, including Cisco, Check Point, Juniper, and Fortinet. Experience with Palo Alto Networks NGFW and VM-Series is a strong advantage.
Proficiency with Windows, Linux, macOS, iOS, and Android, including installation, troubleshooting, and debugging.
Experience with enterprise deployment and management tools such as SCCM, Group Policy, Active Directory, and JAMF.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8715198
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
Were looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.
As a Senior Hyperautomation Engineer - Wayfinder MDR, you will be tasked with designing, building, and operating the automation layer that powers Wayfinder MDR. Join our Wayfinder MDR organization, an elite Managed Detection & Response service protecting some of the worlds largest and most complex environments. You will work closely with Threat Service Engineers (TSEs), SOC analysts, Threat Hunters, and R&D teams to transform manual SOC processes into scalable, reliable, and efficient automation workflows. This role focuses on engineering and automation, not alert triage. You will help shape how MDR operates at scale by reducing manual workload, improving signal-to-noise ratio, and enabling faster and more consistent threat detection and response.
What Will You Do?
Primary responsibilities include:
Design, develop, and maintain hyperautomation workflows that support alert triage, enrichment, investigation, and response.
Convert SOC playbooks, investigation logic, and threat-hunting processes into automated, production-grade workflows.
Proactively identify repetitive or high-volume SOC tasks and implement automation to improve efficiency and consistency.
Build and maintain integrations with internal platforms and third-party security tools using APIs, webhooks, and event-driven mechanisms.
Collaborate closely with Threat Service Engineers (TSEs) and SOC teams to fine-tune existing detections and automation logic.
Improve and optimize MDR operational processes to ensure fast response times and effective threat mitigation.
Own automation workflows end-to-end, including design, deployment, monitoring, troubleshooting, and continuous improvement.
Create and maintain automation playbooks, templates, and best practices to support incident response at scale.
Work closely with R&D and product teams to provide operational feedback and help shape future detection and response capabilities.
Requirements:
Ideal candidates will have:
5+ years of experience in Security Engineering, Automation Engineering, SOC Tooling, Backend Engineering, or similar technical roles.
Strong experience with Python (required); experience with SQL is highly preferred.
Experience building and operating automation workflows or backend services in production environments.
Solid understanding of SOC operations, incident response workflows, and security alert lifecycles.
Experience working with APIs, integrations, and distributed systems.
Strong problem-solving skills with the ability to translate operational challenges into scalable engineering solutions.
Professional and articulate, with strong written and verbal communication skills.
Ability to manage multiple workstreams and prioritize effectively in a fast-paced environment.
Experience working in MDR, SOC, Threat Hunting, or Incident Response environments.
Familiarity with cloud platforms (AWS preferred).
Experience with security telemetry, alerting pipelines, SIEM/XDR concepts, or internal SOC tooling.
Experience building internal tools for operational or security teams.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8713846
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
15/06/2026
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time
We are looking for a SecOps Engineer to join our Security Operations team as the technical lead for Incident Response and Cloud Security.

The team is responsible for monitoring our production and corporate environments, responding to security incidents, and continuously hardening our cloud, network, and CI/CD posture. This role is the senior technical anchor of the function: the first responder during critical incidents, the architect behind our cloud and network defenses, and a technical mentor to the rest of the team.

You will own the Incident Response practice, lead our cloud security program across CNAPP, SASE/ZTNA, and CI/CD supply-chain security, and partner with Engineering, DevOps, and Platform teams to drive security improvements at scale. Participation in an on-call rotation for critical incidents is required.

How Will You Make an Impact?

Own our SASE/ZTNA stack: policy management, network security, secure access.

Own our CNAPP platform: workload protection, posture management, vulnerability prioritization.

Own our CI/CD security platform and drive software supply-chain security across the organization.

Serve as IR Expert: first responder for critical security incidents, owning detection, containment, eradication, and recovery.

Lead post-incident root-cause analysis and drive remediation across the organization.

Build and maintain IR playbooks, runbooks, and tabletop exercises.

Partner with DevOps and Platform teams on secure-by-default cloud architecture.

Contribute to broader security architecture decisions across the security stack.

Mentor more junior engineers on the team and lead technical reviews of their work.

Act as deputy to the SecOps Team Lead on strategic initiatives.

Participate in the critical-incident on-call rotation.
Requirements:
 3-4 years of hands-on experience in Security Operations or Security Engineering.

Demonstrated Incident Response leadership: You have run real incidents end to end, from detection through post-incident review.

Hands-on experience with CNAPP, CSPM, or CWPP platforms.

Knowledge of AWS, GCP, or Azure security primitives and cloud-native threat models.

Experience with SASE or ZTNA architectures.

Familiarity with CI/CD and software supply-chain security (e.g., GitHub Actions hardening, SLSA).

Scripting skills in Python (or equivalent) for automation, tooling, and IR support.

Working knowledge of MITRE ATT&CK and modern adversary tradecraft.

Ability to lead a war room, brief executives, and communicate clearly under pressure
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8695446
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
15/06/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
We are looking for a Security Engineer to join our Security Operations team and grow into our SOAR and automation specialist.

The team is responsible for monitoring our environments, identifying and responding to security alerts, and continuously improving how we detect and respond to threats. This role focuses on the automation side of the function: building the workflows that make the rest of the team faster, from automated alert triage to enrichment pipelines to response playbooks.

You will work closely with senior engineers on the team to build and maintain SOAR content, integrate our security tools, and support detection deployment efforts. This role offers a strong opportunity to grow professionally in the security field, with direct exposure to detection engineering, incident response, and a modern enterprise security stack.

How Will You Make an Impact?

Own day-to-day operation of our SOAR platform.

Build and maintain automation playbooks for alert triage, enrichment, ticketing, and notifications.

Build and maintain integrations between SOAR and the broader security stack via APIs.

Monitor integration health, API connections, and credential rotation across automated workflows.

Measure and report on automation impact: alerts auto-resolved, analyst time saved, and MTTR reduction.

Support detection engineering on testing, deployment, and rollout of new content.

Write small scripts to support ad-hoc threat hunting and IR work.

Create and maintain technical documentation for playbooks and integrations.
Requirements:
1-2 years of hands-on experience in IT, SOC, or Security Engineering.

Scripting skills in Python; familiarity with JavaScript or Bash is a plus.

Comfortable working with REST APIs, JSON, and webhooks.

Understanding of networking and protocol fundamentals: TCP/IP, DNS, HTTP, authentication flows.

Familiarity with at least one SOAR platform is a strong plus.

Exposure to SIEM, EDR, or cloud security tools is a plus.

Attention to detail and structured thinking.

Clear written communication.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8695429
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
22/06/2026
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time
Required Senior Cybersecurity Engineer
Why is this role so important?
As a Senior Cybersecurity Engineer reporting directly to the Chief Information Security Officer (CISO), you will play a key role within our security team. In this position you will drive impactful security initiatives that support the companys business objectives, leveraging innovative technologies and practical solutions to strengthen our security posture while enabling the business to operate securely and efficiently.
You will collaborate with cross-functional teams across the organization, including IT, R&D, Product, and other stakeholders, to ensure that security is embedded throughout our products, services, and operations. You will help identify and mitigate risks, implement effective security controls, and continuously enhance our security capabilities in a dynamic, fast-growing, technology-driven environment.
Responsibilities:
Implement, manage, and continuously enhance security controls across cloud environments (AWS, GCP, Azure), endpoints, SaaS platforms, and applications.
Administer, optimize, and maintain security technologies, including EDR/XDR, SIEM, CDR, CNAPP, DLP, IAM, SASE, MFA, network security solutions, and more.
Take a leading role in securing our adoption of Generative AI & LLM-based technologies, assessing risks, defining security controls, and establishing guardrails for AI agents, MCP-based integrations, and AI-powered applications across the organization.
Design, implement, and automate security processes, workflows, and controls to improve operational efficiency, visibility, and risk reduction across the organization.
Partner with IT, DevOps, Engineering, and Product teams to drive security-by-design principles across system architecture, software development and AI lifecycles, cloud infrastructure, and business operations.
Lead vulnerability management initiatives, including identification, assessment, prioritization, remediation tracking, validation, and reporting across applications and environments.
Implement, manage, and maintain secure configuration baselines, hardening standards, and technical controls aligned with industry frameworks and best practices, including CIS Benchmarks, NIST(CSF), and ISO/IEC 27000 series.
Take an active role in security operations activities, including threat detection, IR, security investigations, and continuous monitoring of the organization's security posture.
Lead GRC initiatives through control implementation, assessments, audit support, customer security & Due Diligence Questionnaires (DDQs), and remediation efforts related to SOC 2, SOX, ISO 27001, and other compliance frameworks.
דרישות:
5+ years of experience in Information Security, Cybersecurity, or a related technical field.
Experience securing cloud environments (AWS, GCP, Azure), SaaS platforms, and enterprise applications (APIs and Integrations).
Experience implementing and managing security technologies such as EDR/XDR, SIEM, CNAPP, IAM, SSO, MFA, Identity Providers (IdPs), WAF, VPN, DLP, ZTNA, and secure connectivity solutions
Strong understanding of security frameworks, standards and best practices, such as NIST CSF, CSA, CIS Controls, MITRE ATT&CK, OWASP, SOC 2, or ISO/IEC 27000 series.
Experience with vulnerabilities/CVEs management, assessment, incident response, and security operations processes.
Experience working with DevOps, R&D, and IT teams to integrate security into OS, cloud infrastructure, SDLC, applications, and operational processes, including authentication and authorization technologies such as SSO, SAML, OAuth, and OpenID Connect.
Experience with scripting and automation using Python, Bash, PowerShell, or similar technologies.
Familiarity with AI security concepts, including risks and controls related to Generative AI, LLMs, AI agents, MCP-based integrations, and AI-powered applications.
Experience supporting GRC initiatives, audits, compliance programs, and security assurance activities המשרה מיועדת לנשים ולגברים כאחד.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8704911
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
Location: Tel Aviv-Yafo
Job Type: Full Time
Required Senior Intelligence Analyst, Threat Intelligence Delivery
About the job
In this role, being onsite and embedded with a customer several days per week, you will leverage our cyber threat intelligence to enable network defenders and customer Cyber Threat Intelligence (CTI) teams to defend against the threats they face. You will be supported and enabled by a network of colleagues and specialists right across Threat Intelligence and will contribute to our wealth of technical skills and CTI knowledge. You will have access to industry leading tooling and data and will work towards delivering on customer priority intelligence requirements. You will be supporting the customer's CTI defensive mission, helping their Security Operations Center (SOC), threat hunters, detection engineers, and CTI analysts counter threats and enable the safe and secure running of their networks and operations.
A recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.
Responsibilities
Build an understanding of the customers' CTI requirements. Identify their needs and opportunities for deployment of CTI within their operations to have the greatest defensive impact.
Track, research and contribute CTI analysis within Threat Intelligence, of customer's priority threat concerns.
Enable customer SOC analysts and Hunt teams to deploy and leverage our CTI.
Generate CTI and perform analysis of customer data, taking their bespoke sources to identify threat activity, or to build and automate investigative workflows.
Support the integration of CTI into customer's security processes and technologies, including Security Information and Event Management (SIEM) and Threat Intelligence Platform (TIP) systems. Write intelligence reporting against customer requirements, appropriate for their intelligence analysts or executive readers.
Requirements:
Minimum qualifications:
Bachelor's degree or equivalent practical experience.
5 years of experience in a customer-facing role in cyber intelligence and cyber operations.
Experience working with security operations functions such as SOC tier 1/2, Hunt teams, executive managers, Chief Information Security Officer (CISO).
Experience working in a government or military environment, developing cyber threat intelligence for network, host and log analysis, to enable the detection and response to cyber threats.
Experience analyzing Indicators of Compromise (IOCs ) including sandbox output.
Preferred qualifications:
Experience in leveraging cyber threat intelligence to describe, track and develop new intelligence on advanced persistent threats.
Experience in SOC operations, threat hunting, detection engineering and SOC workflow optimization.
Experience conducting/supporting incident response and investigations within enterprise environments.
Experience with network Intrusion Detection System (IDS) monitoring, Endpoint Detection and Response (EDR) solutions, SIEM, Security Orchestration, Automation, and Response (SOAR) integration, managing, contributing CTI into threat intelligence platform.
Understanding of core cyber security concepts, common enterprise IT infrastructure components, operating system internals and networking.
Eligible to obtain security clearance in Israel as this can be a client requirement.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8719201
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time
We are looking for a Identity Security Analyst who will focus on investigating and resolving customer-reported security bugs. In this role, youll sit at the intersection of security research, product engineering, and customer success: youll reproduce issues, analyze impact and root cause, coordinate fixes with R&D, and communicate findings back to customers in a clear, actionable way.

This is a hands-on, technical position ideal for someone who enjoys debugging, incident-style investigations, and direct customer impact.

Key Responsibilities

Bug Triage & Investigation

Review and prioritize customer-reported security bugs (vulnerabilities, false positives, detection gaps, performance/coverage issues).

Reproduce issues in lab environments using customer-provided data, logs, and configurations.

Validate whether a bug is product defect, configuration issue, environmental limitation, or expected behavior.

Security Analysis

Analyze suspected vulnerabilities, misconfigurations, or detection gaps to determine impact, severity, and likelihood.

Correlate product behavior with attack techniques (e.g., MITRE ATT&CK, AD / identity attacks, NTLM relay, Kerberos abuse).

Perform log and event analysis (Windows Security / Sysmon / AD / LDAP / application logs) to understand bug context and side effects.

Resolution & Fix Coordination

Work closely with R&D / engineering teams to:

Provide clear reproduction steps, data, and technical context.

Propose mitigations and contribute to detection or logic fixes.

Verify hotfixes and releases against customer scenarios.

Track bugs through their full lifecycle to ensure timely resolution and high SLA adherence.

Customer Communication

Collaborate with Support, Customer Success, and SEs to:

Explain root cause and resolution in customer-friendly language.

Provide interim workarounds or configuration guidance when needed.

Contribute to knowledge base articles, runbooks, and best-practice guides.

Quality & Continuous Improvement

Identify recurring patterns in customer bugs and propose long-term product or process improvements.

Help refine internal monitoring, alerting, and testing for security-sensitive components.

Contribute to test cases and validation criteria for new features from a security QA perspective.
Requirements:
2-4+ years in a technical security or support role, such as:

Security Analyst / SOC Analyst

Security Engineer

Technical Support Engineer in a security or infrastructure product

Scripting and automation skills in PowerShell to speed up investigation and test setup.

Solid understanding of:

Identity and access concepts (Active Directory, authentication, privileges, groups)

Basic networking and protocols (TCP/IP, DNS, HTTP/S, SMB, LDAP/LDAPS)

Hands-on experience with:

Debugging and reproducing complex customer issues in lab environments

Strong analytical and problem-solving skills; able to systematically break down ambiguous issues.

Excellent written and verbal communication skills in English; able to explain complex technical findings to both technical and non-technical audiences.
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8695542
סגור
שירות זה פתוח ללקוחות VIP בלבד
סגור
דיווח על תוכן לא הולם או מפלה
מה השם שלך?
תיאור
שליחה
סגור
v נשלח
תודה על שיתוף הפעולה
מודים לך שלקחת חלק בשיפור התוכן שלנו :)
06/07/2026
חברה חסויה
Location: Tel Aviv-Yafo
Job Type: Full Time
Our global operations continue to expand, and were looking for a Incident Management Analyst to help ensure the stability and reliability of our global IT services.
As a key member of the IT Operations team, youll support the rapid response and coordination of critical IT incidents. This role is ideal for someone who thrives in fast-paced environments, communicates clearly under pressure, and enjoys working cross-functionally to solve complex operational challenges.
Youll work closely with technical teams, stakeholders, and leadership to ensure incidents are managed efficiently, communication flows smoothly, and services are restored as quickly as possible. Your work will play a key role in maintaining service continuity and minimizing business impact.

What Youll Do

Identify, log, and classify major IT incidents reported by internal teams or external users
Coordinate response efforts by engaging appropriate technical teams and vendors to diagnose and resolve incidents,coordination calls and document actions, updates, and timelines
Track incidents ,provide a clear and timely communication between technical teams, business stakeholders, and leadership during major incidents. Along with root cause analyses (RCAs), including performance incidents reports,
Assist in preparing RCA reports and ensure documentation and communication are completed as required, Be a contribute to knowledge base articles.
Support daily review meetings to discuss recent and ongoing high-priority incidents and operational work
Follow established Major Incident and Change Management processes, policies, and tools
Generate reports, dashboards, and performance metrics for operational and leadership reviews
Support process adoption and assist with training or guidance related to incident management practices
Requirements:
Bachelors degree in Information Technology, Computer Science, or a related field
3-5 years of experience in IT operations, incident management, or service management
Experience working with enterprise-level incident response or IT service management processes
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills
Ability to stay organized and perform effectively under pressure while managing multiple priorities
Familiarity with ITIL principles and service management best practices
Experience with ITSM tools (e.g., ServiceNow or similar platforms) - an advantage
Strong documentation and organizational skills
Fluent in spoken and written English
This position is open to all candidates.
 
Show more...
הגשת מועמדותהגש מועמדות
עדכון קורות החיים לפני שליחה
עדכון קורות החיים לפני שליחה
8725795
סגור
שירות זה פתוח ללקוחות VIP בלבד