דרושים Security Operations & Incident Response Lead בתל אביב

This is a rare opportunity to build our Security Operations & Incident Response function from the ground up. We are looking for a foundational leader to apply elite-level security practices to protect our clients' mission-critical systems. You will architect our managed security services, lead high-stakes incident response, and establish the core of our security practice. This is a hands-on role for a classic security expert passionate about tackling complex threats in modern, cloud-native environments.

About the role

• Architect and build our managed Security Operations (SOC) and Incident Response (IR) services, focusing on cloud-native (AWS, GCP, Azure) and SaaS environments.
• Lead complex, end-to-end incident response investigations for sophisticated attacks against cloud infrastructure, web applications, and corporate networks.
• Perform deep digital forensics on hosts (Windows, Linux) and networks to determine root cause, scope, and impact.
• Develop and operationalize robust IR playbooks, detection rules, and security monitoring strategies for enterprise-grade systems.
• Evaluate, deploy, and manage a best-in-class security toolchain centered around SIEM/SOAR platforms.
• Serve as the primary technical advisor to clients during security crises, providing clear guidance and direction.
• Recruit and mentor a team of security experts as the function grows.

Relevant skills

Requirements:

• 5+ years of hands-on experience in Digital Forensics & Incident Response (DFIR), leading complex investigations in enterprise environments.
• 2+ years in a leadership role with experience building security processes and mentoring technical teams.
• Expert-level knowledge of cloud security principles and incident response in at least one major cloud provider (AWS, GCP, or Azure).
• Deep understanding of modern attack vectors, MITRE ATT&CK, and TTPs targeting web applications and cloud infrastructure.=
• Proven experience deploying, managing, and creating detections for SIEM/SOAR solutions (e.g., Splunk, Sentinel, QRadar).
• Excellent communication skills, with the ability to advise both technical and executive audiences.

Advantages:

• Familiarity with blockchain fundamentals and the unique security challenges of the Web3/DeFi ecosystem.
• Experience with on-chain analysis or blockchain forensic tools.
• Proficiency in scripting languages like Python or Go for security automation.
• Experience with malware reverse engineering.