Company hidden
2 days ago

Principal Engineer, Cloud Content (Cybersecurity)

Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
Israel
Vacancy from the Hirify.Global list (Hirify RU Global, a list of companies with Eastern European roots)

Job description

TL;DR

Principal Engineer, Cloud Content (Cybersecurity): Design cloud-native detection logic, advanced telemetry pipelines, cloud attack-surface visibility, and real-time threat-detection capabilities across public clouds, with an emphasis on detection-as-code frameworks, scalable architectures, and adversary tradecraft alignment. Focus on researching emerging cloud threats, leading complex investigations, and influencing platform decisions to raise detection quality and velocity.

Location: Hybrid in Israel, requiring 2-3 days per week on-site

Company

Global leader in cybersecurity protecting organizations with an AI-native platform processing 3 trillion events per day.

What you will do

  • Architect, build, and optimize cloud detection pipelines including telemetry ingestion, log processing, alerting, and detection-as-code workflows.
  • Develop advanced detections for cloud-native threats like IAM misconfigurations, lateral movement, runtime attacks, serverless abuse, and data exfiltration.
  • Lead cloud threat research on emergent TTPs, managed services abuse, supply-chain risks, and multi-cloud attack surfaces.
  • Conduct advanced investigations using cloud logs, control-plane events, network telemetry, and container signals.
  • Collaborate with cloud engineering and platform teams to embed telemetry and detection hooks early in design.
  • Influence architectural decisions and mentor detection engineers on standards and methodologies.

Requirements

  • 8 to 15+ years in cloud threat detection, cloud security engineering, incident response, or threat hunting
  • Strong expertise with AWS and at least one of Azure or GCP, including control-plane events, service logs, and runtime ecosystems
  • Proven ability to design high-fidelity cloud detections in large-scale environments with FP/FN trade-offs
  • Strong engineering skills in Python, Go, or equivalent; CI/CD, IaC, cloud automation
  • Demonstrated leadership in complex cloud investigations turning findings into detection logic
  • Deep understanding of cloud threat models: identity attacks, misconfigurations, lateral movement, exfiltration

Nice to have

  • Experience with multi-cloud detection at scale
  • Building detection testing frameworks or validation pipelines
  • Deep knowledge of attacker tradecraft in cloud infrastructure
  • Strong communication skills grounded in adversary behavior

Culture & Benefits

  • Market-leading compensation and equity
  • Comprehensive physical and mental wellness programs
  • Competitive vacation, holidays, parental and adoption leaves
  • Professional development opportunities for all
  • Employee networks, volunteer opportunities, vibrant office culture
  • Great Place to Work Certified globally
