Threat Detection Engineer

Reco

  • R&D
  • Tel Aviv, Israel
  • Full-time

Responsibilities

  • Analyze user activities, permissions, and behaviors across SaaS applications and IDP platforms (e.g., Okta, Azure AD, Google Workspace, Salesforce, Workday, ServiceNow).
  • Hunt for SaaS-related threats, including misconfigurations, excessive permissions, data exposure risks, and anomalous access patterns.
  • Develop detection rules using JSONata and SQL to enhance the SaaS Threat Detection and Secure Configuration Engine.
  • Optimize detection models to minimize false positives and improve accuracy using ClickHouse and other big-data analytics solutions.
  • Collaborate with security researchers and data scientists to define new threat detection strategies based on SaaS attack vectors and industry trends.
  • Continuously monitor and analyze SaaS attack techniques, adapting security posture to evolving threats.
  • Work with APIs and integrations to ingest security logs from various SaaS platforms, correlating signals to detect real threats.

Requirements

  • 2+ years in cybersecurity, preferably in SOC, SIEM, Threat Intelligence, or Cloud Security.
  • Experience with SaaS security challenges, such as shadow IT, OAuth risks, IDP misconfigurations, and excessive permissions.
  • Hands-on experience with security data analysis, including large-scale log processing, anomaly detection, and behavioral analytics.
  • Proficiency in SQL (e.g., ClickHouse) for querying security events and correlating threat indicators.
  • Strong understanding of identity-based attacks, insider threats, and SOC detection methodologies.
  • Familiarity with SIEM and XDR solutions (e.g., Splunk, Sentinel, Chronicle) and their role in modern detection engineering.
  • Strong problem-solving and analytical skills to triage security incidents and optimize detection rules.

Advantages

  • Experience with JSONata for structured log processing and automation.
  • Familiarity with SaaS security best practices, including least-privilege access, OAuth governance, and SSPM.
  • Knowledge of SaaS security frameworks (e.g., SSPM, CASB).
  • Experience with IDP security (Okta, Azure AD, Google IAM) and detecting identity-related SaaS threats.
  • Hands-on experience with Threat Hunting in SaaS environments.
  • Understanding of SaaS API security and experience analyzing integrations with third-party applications.