Job Overview

We're looking for a Security Analyst to be at the core of what we do: reviewing real security cases across customer environments, recommending outcomes, and continuously improving the detection logic that powers our platform. This role sits at the intersection of hands-on SOC work and modern AI-assisted security operations - you'll develop deep expertise in cloud, identity, and SaaS threats while directly shaping the detection content and investigation workflows that protect our customers.
Responsibilities

- Review and triage security cases - Investigate alerts and cases surfaced by the Artemis platform across cloud, identity, endpoint, and SaaS environments. Analyze the underlying logs and evidence to determine whether activity is malicious, benign, or a false positive.
- Recommend and document case outcomes - Provide clear, well-reasoned verdicts (true positive, false positive, benign confirmed) with supporting evidence and written justifications that feed directly into customer-facing reports and product improvement loops.
- Build and refine detections - Write new detection logic and tune existing rules to improve signal quality. Work directly in the detection layer to reduce noise, close coverage gaps, and surface threats that matter.
- Fix and maintain the detection library - Identify misfiring or noisy detections through case review and fix them. Own the quality of the detection content you touch from initial triage through to shipped improvement.
- Conduct threat hunting - Proactively investigate customer environments for signs of attacker activity that automated detections may have missed, using both structured hypothesis-driven hunting and AI-assisted workflows.
- Investigate security incidents - Perform deeper triage on escalated or complex cases, piecing together attacker timelines and identifying lateral movement, persistence, or exfiltration across data sources.
- Contribute to investigation playbooks - Document investigation techniques, artifact patterns, and case patterns as structured playbooks that help scale consistent, high-quality analysis across the team.
- Engage with the detection engineering cycle - Partner with the security engineering team to surface patterns from case review, propose new detection ideas, and validate that shipped detections perform as expected in production environments.
Qualifications

- 2-3+ years of hands-on experience in a SOC, MSSP, or MDR environment (Tier 2 or Tier 3 analyst level)
- Experience triaging and investigating alerts across on-prem and cloud environments (AWS CloudTrail, Okta, Entra ID, Google Workspace/GSuite, EDR, or similar)
- Working knowledge of common attacker tactics, techniques, and procedures (MITRE ATT&CK)
- Comfort with log-based investigation and evidence analysis across multiple data sources
- Ability to write clear, concise case verdicts and communicate findings to technical and non-technical audiences
- Strong attention to detail and an instinct for separating signal from noise
Bonus

- Experience writing or tuning detection rules (Sigma, YARA-L, SPL, KQL, or similar)
- Familiarity with SQL or scripting for log analysis
- Background in detection engineering or security content development
- Experience with SIEM, EDR, or SOAR platforms
- Exposure to AI-assisted investigation or automation tooling
Compensation

We offer competitive compensation of $100,000-$140,000 per year plus a top-of-market equity component. A variety of factors are considered when determining compensation, including a candidate's professional experience. Final offer amounts may vary from the amounts listed.