Security Analyst

About The Position

Requirements

• 2-3+ years of hands-on experience in a SOC, MSSP, or MDR environment (Tier 2 or Tier 3 analyst level)
• Experience triaging and investigating alerts across on prem and cloud environments (AWS CloudTrail, Okta, Entra ID, GSuite, EDR or similar)
• Working knowledge of common attacker tactics, techniques, and procedures (MITRE ATT&CK)
• Comfort with log-based investigation and evidence analysis across multiple data sources
• Ability to write clear, concise case verdicts and communicate findings to technical and non-technical audiences
• Strong attention to detail and an instinct for separating signal from noise

Nice To Haves

• Experience writing or tuning detection rules (Sigma, YARA-L, SPL, KQL, or similar)
• Familiarity with SQL or scripting for log analysis
• Background in detection engineering or security content development
• Experience with SIEM, EDR, or SOAR platforms
• Exposure to AI-assisted investigation or automation tooling

Responsibilities

• Review and triage security cases - Investigate alerts and cases surfaced by the Artemis platform across cloud, identity, endpoint, and SaaS environments. Analyze the underlying logs and evidence to determine whether activity is malicious, benign, or a false positive.
• Recommend and document case outcomes - Provide clear, well-reasoned verdicts (true positive, false positive, benign confirmed) with supporting evidence and written justifications that feed directly into customer-facing reports and product improvement loops.
• Build and refine detections - Write new detection logic and tune existing rules to improve signal quality. Work directly in the detection layer to reduce noise, close coverage gaps, and surface threats that matter.
• Fix and maintain the detection library - Identify misfiring or noisy detections through case review and fix them. Own the quality of the detection content you touch from initial triage through to shipped improvement.
• Conduct threat hunting - Proactively investigate customer environments for signs of attacker activity that automated detections may have missed, using both structured hypothesis-driven hunting and AI-assisted workflows.
• Investigate security incidents - Perform deeper triage on escalated or complex cases, piecing together attacker timelines and identifying lateral movement, persistence, or exfiltration across data sources.
• Contribute to investigation playbooks - Document investigation techniques, artifact patterns, and case patterns as structured playbooks that help scale consistent, high-quality analysis across the team.
• Engage with the detection engineering cycle - Partner with the security engineering team to surface patterns from case review, propose new detection ideas, and validate that shipped detections perform as expected in production environments.

Benefits

• Make a real world impact. Every case you review and every detection you improve directly protects real companies and real people. You're not working on theoretical security problems — you're on the front lines of active defense, with customers who depend on the quality of your analysis.
• Be challenged to be better than ever before. Our team includes some of the smartest and most driven people in the world. We guarantee you will learn more in 1 year here than 10 years in another place.
• Push the boundaries of technology. Work with and help shape the most advanced AI capabilities in cybersecurity — moving well beyond traditional SIEM workflows into a new generation of investigation automation. Your ideas will shape the product and the industry.
• Innovative culture. We obsess about customers, move fast with high quality, and value open communication, mentorship and learning. You will have autonomy to drive investigations, propose detection improvements, and own outcomes — not just follow a runbook.