Were hiring our first Product Security Researcher (SOC & Incident Response) to join our newly formed Security Research function- a critical role for someone passionate about advancing real-world SOC operations with deep cybersecurity expertise.
We are building a world-class Security Research team that will power our advanced product with deep, actionable cybersecurity expertise. This team will serve as the Subject Matter Experts (SMEs) behind our triage and Incident Response platform, defining logic, contributing threat intelligence, building use-case coverage, and continuously optimizing detection and investigation workflows.
Youll collaborate closely with Product, Engineering, and Customer Success to ensure our Auto-Triage engine reflects the latest adversarial techniques and real-world SOC operations.
Responsibilities
Serve as a domain expert in SOC workflows, alert triage, and incident response.
Design and maintain triage logic, playbook blueprints, AI Agents and more for responding to security events.
Develop and maintain alert enrichment, correlation, and classification rules across multiple data sources (EDR, SIEM, Identity, etc.).
Collaborate with product teams to define use cases, threat coverage, and analyst workflows.
Analyze real-world alerts, telemetry, and incident data to enhance product accuracy, reduce false positives and improve incident handling.
Evaluate and curate threat intelligence feeds and sources to support automated decision-making.
Conduct post-incident reviews to extract lessons and update triage logic accordingly.
Stay current with emerging threats, attacker TTPs, MITRE ATT&CK, and other frameworks.
Assist with quality assurance, testing, and validation of triage logic before deployment.
We are building a world-class Security Research team that will power our advanced product with deep, actionable cybersecurity expertise. This team will serve as the Subject Matter Experts (SMEs) behind our triage and Incident Response platform, defining logic, contributing threat intelligence, building use-case coverage, and continuously optimizing detection and investigation workflows.
Youll collaborate closely with Product, Engineering, and Customer Success to ensure our Auto-Triage engine reflects the latest adversarial techniques and real-world SOC operations.
Responsibilities
Serve as a domain expert in SOC workflows, alert triage, and incident response.
Design and maintain triage logic, playbook blueprints, AI Agents and more for responding to security events.
Develop and maintain alert enrichment, correlation, and classification rules across multiple data sources (EDR, SIEM, Identity, etc.).
Collaborate with product teams to define use cases, threat coverage, and analyst workflows.
Analyze real-world alerts, telemetry, and incident data to enhance product accuracy, reduce false positives and improve incident handling.
Evaluate and curate threat intelligence feeds and sources to support automated decision-making.
Conduct post-incident reviews to extract lessons and update triage logic accordingly.
Stay current with emerging threats, attacker TTPs, MITRE ATT&CK, and other frameworks.
Assist with quality assurance, testing, and validation of triage logic before deployment.
Requirements:
6+ years of experience in SOC operations, incident response, or threat detection.
Hands-on experience triaging alerts, conducting investigations, and working with tools like SIEM, EDR, SOAR, and XDR.
Strong understanding of logs, telemetry, and data formats (Syslog, JSON, Zeek, Windows Event Logs, etc.).
Experience defining detection or triage logic in Python, YAML, or other rule-based formats is a plus.
Familiarity with cloud security signals (AWS, Azure, GCP) and SaaS application logs is a bonus.
Preferred Skills
Prior experience building security content for SOAR/SIEM platforms.
Exposure to AI/ML use in security triage (optional but valued).
Passion for building scalable, repeatable, and impactful security solutions.
6+ years of experience in SOC operations, incident response, or threat detection.
Hands-on experience triaging alerts, conducting investigations, and working with tools like SIEM, EDR, SOAR, and XDR.
Strong understanding of logs, telemetry, and data formats (Syslog, JSON, Zeek, Windows Event Logs, etc.).
Experience defining detection or triage logic in Python, YAML, or other rule-based formats is a plus.
Familiarity with cloud security signals (AWS, Azure, GCP) and SaaS application logs is a bonus.
Preferred Skills
Prior experience building security content for SOAR/SIEM platforms.
Exposure to AI/ML use in security triage (optional but valued).
Passion for building scalable, repeatable, and impactful security solutions.
This position is open to all candidates.
