Security Analyst - Vigilance
SentinelOne was founded in 2013 by an elite group of cyber-security and defense experts.
In our R&D offices in TLV, we develop a next-gen endpoint and server protection software product that uses several layers of protection, including behavioral analysis (with ML on the collected data), anti-exploitation, traps and more, in order to stop zero-day attacks that other vendors simply can't.
It also provides unparalleled threat visibility with minimal system impact.
What are we looking for?
Join our Vigilance organization, an elite force of cyber security experts providing a Managed Detection and Response (MDR) service to our largest customers. Help drive world-class threat monitoring, hunting, and response services. Play a crucial role in winning POCs and keeping SentinelOne's top-tier customers protected, providing an additional level of security and confidence by leveraging intelligence feeds, threat logs, and IOCs. The Vigilance service is a key contributor in shaping the SentinelOne product line, working hand in hand with the Product Managers and various R&D teams.
We are looking for a team player, ready to work with the best security researchers out there, not afraid to dive into complex and challenging security incidents, and able to provide a best-in-class MDR service.
What will you do?
- Proactively monitor and review threats and suspicious events from customers participating in the service
- Investigate alerts: triage, deep dive, and come up with proper action items and a remediation plan
- Use multiple sources of data from the customer, our intelligence cloud, external threat feeds, etc.
- Perform proactive hunting for threat data, leveraging our deep visibility capabilities and proprietary research cloud
- Work with the customer to follow up on items that require additional investigation
- Provide incident follow-up and support, and work closely with our R&D teams
- Contribute to the design and development of internal tools used by the team.
What experience or knowledge should you bring?
- At least 4 years' experience in Technical Support or SOC operations in a cyber security company
- Strong network and security knowledge or certification is desired
- Experience with threat research in the Windows environment
- Experience in dynamic analysis
- Experience with data ingestion technologies (e.g. Splunk)
- Experience with SQL and/or NoSQL queries
- Excellent customer-oriented individual and problem solver
- Experience with host-based (endpoint agent) or sandbox (network-based) security solutions is preferred
- Multi-OS support experience: Windows, Mac and Linux (mobile platforms - an advantage)
- IR (incident response) experience - an advantage
- Professional and articulate with excellent written communication skills
- Ability to multitask and prioritize