Incident Response Engineer (Cybersecurity)

TL;DR

Incident Response Engineer (Cybersecurity): Managing the full lifecycle of security incidents and enhancing detection capabilities with an accent on threat mitigation and automation. Focus on executing root cause analysis, tuning SIEM correlation rules, and developing SOAR workflows to optimize response efficiency.

Location: Israel - Tel Aviv

Company

hirify.global is a leader in Behavioral Biometrics, helping global financial institutions combat fraud using machine learning to analyze digital behavior.

What you will do

• Execute the full IR lifecycle including triage, containment, eradication, and recovery for complex security events.
• Perform root cause analysis and forensic examinations across Windows, Mac, and Linux environments.
• Create, test, and tune SIEM rules and dashboards to improve visibility and reduce false positives.
• Build and refine SOAR playbooks and automated response actions to streamline repetitive investigation tasks.
• Monitor and mitigate cloud-native threats across Azure, AWS, and GCP environments.

Requirements

• Experience as a SecOps/IR Analyst or Engineer with a heavy focus on active investigation.
• Deep understanding of the Incident Response lifecycle and hands-on experience managing security alerts.
• Experience identifying and mitigating threats within cloud providers (Azure, AWS, GCP).
• Strong knowledge of operating system artifacts for Mac, Windows, and Linux.
• Proficiency with Splunk or other SIEM platforms for log analysis and threat hunting.
• Scripting experience with Python or Bash to assist in data parsing and investigation.

Nice to have

• Ability to build and improve SIEM rules, correlations, and dashboards.
• Experience developing new SOAR workflows, automated actions, and response playbooks.
• Familiarity with REST APIs, Regex for advanced querying, and Kubernetes (K8S).
• Consultative skills to provide guidance on Cloud Security and SIEM operations best practices.