Description
Island is the ideal environment for enterprise work, where security is everywhere without ever getting in the way.
The Island Enterprise Platform unifies AI enablement, network access, data protection, identity, and endpoint control into one coherent workspace—so organizations get universal visibility and control, and users get a fast, fluid, beautifully simple experience. It's not just a better way to secure work. It's a better way to work. Backed by investors like Coatue Management, Insight Partners, and Sequoia Capital, and trusted by some of the largest, most respected enterprises on the planet, Island is redefining what the modern workplace can be.
Come join us in building something that's already changing how the world works.
As a Security Operations Engineer at Island, you will be a core member of the SecOps team, owning incident detection, triage, and response across Island's infrastructure and enterprise browser platform. You will work closely with the SecOps Lead to mature our IR capabilities, build the automation and tooling that power our operational workflows, and help keep Island and its customers ahead of real-world threats.
This is a hands-on, build-and-operate role - ideal for someone who is equally comfortable writing a detection rule, investigating a live incident, and shipping a Torq workflow before end of day.
Key Responsibilities
Incident Response: Lead and participate in the full incident lifecycle - detection, triage, investigation, containment, and post-mortem. Own runbooks and ensure they reflect the current threat landscape and tooling.
Detection Engineering: Develop, tune, and maintain detection rules across SIEM, EDR, and security audits. Minimize false positives; maximize signal value.
Security Automation: Build and improve automated response workflows using platforms like Torq; reduce manual toil on alert triage, enrichment, and escalation paths.
Threat Monitoring & Hunting: Continuously monitor the environment for anomalies and indicators of compromise; proactively hunt for threats aligned to our threat model.
Cloud Security Operations: Investigate and triage findings from cloud-native security tooling (Wiz, AWS CloudTrail); collaborate with engineering teams on remediation of infrastructure-level issues.
Tooling & Integrations: Contribute to the ongoing development of the SecOps toolchain - integrating alert sources, building dashboards, and improving the Jira-based alert center.
IR Documentation: Maintain incident.io flows, response playbooks, and post-incident reports; contribute to the team's runbook hub.
Requirements
3+ years of hands-on experience in security operations, incident response, or detection engineering.
Practical experience with SIEM, EDR, and cloud security platforms - Wiz, Coralogix, or equivalents.
Proficiency in scripting and automation; experience building or extending security automation workflows (Torq, Tines, SOAR, or similar).
Strong grasp of attacker techniques, common detection evasion methods, and incident investigation methodology.
Ability to work independently and drive initiatives end-to-end; comfortable in a fast-moving environment with shifting priorities.
Experience with threat intelligence operationalization is a plus.
Familiarity with compliance frameworks (SOC2 or equivalent) is a plus.