Security Analyst

Artemis is building the future of AI-driven defense - helping companies detect and defend themselves effectively in an era where AI is fighting AI on the cyber battlefield.

We're backed by First Round Capital, Brightmind, and a group of the cybersecurity industry's most prominent Operators.

Our founders, Shachar (ex-Palo Alto Networks, AWS, Demisto) and Dan (ex-Abnormal Security, Twitter) have previously built, launched, and scaled cybersecurity products loved and trusted by tens of thousands of customers, and have the customer, technology, and security know-hows to deliver this vision.

Our exceptionally strong team includes software engineers, AI researchers, security engineers, and product designers hailing from Google, Abnormal AI, Wiz, Meta, AWS, CERN, SentinelOne, and more.

We are growing our team and looking for passionate builders to join us and support our expanding customer base.

Job Overview

We're looking for a Security Analyst to be at the core of what we do: reviewing real security cases across customer environments, recommending outcomes, and continuously improving the detection logic that powers our platform. This role sits at the intersection of hands-on SOC work and modern AI-assisted security operations — you'll develop deep expertise in cloud, identity, and SaaS threats while directly shaping the detection content and investigation workflows that protect our customers.

Responsibilities

• Review and triage security cases - Investigate alerts and cases surfaced by the Artemis platform across cloud, identity, endpoint, and SaaS environments. Analyze the underlying logs and evidence to determine whether activity is malicious, benign, or a false positive.
• Recommend and document case outcomes - Provide clear, well-reasoned verdicts (true positive, false positive, benign confirmed) with supporting evidence and written justifications that feed directly into customer-facing reports and product improvement loops.
• Build and refine detections - Write new detection logic and tune existing rules to improve signal quality. Work directly in the detection layer to reduce noise, close coverage gaps, and surface threats that matter.
• Fix and maintain the detection library - Identify misfiring or noisy detections through case review and fix them. Own the quality of the detection content you touch from initial triage through to shipped improvement.
• Conduct threat hunting - Proactively investigate customer environments for signs of attacker activity that automated detections may have missed, using both structured hypothesis-driven hunting and AI-assisted workflows.
• Investigate security incidents - Perform deeper triage on escalated or complex cases, piecing together attacker timelines and identifying lateral movement, persistence, or exfiltration across data sources.
• Contribute to investigation playbooks - Document investigation techniques, artifact patterns, and case patterns as structured playbooks that help scale consistent, high-quality analysis across the team.
• Engage with the detection engineering cycle - Partner with the security engineering team to surface patterns from case review, propose new detection ideas, and validate that shipped detections perform as expected in production environments.

Qualifications

• 2-3+ years of hands-on experience in a SOC, MSSP, or MDR environment (Tier 2 or Tier 3 analyst level)
• Experience triaging and investigating alerts across on prem and cloud environments (AWS CloudTrail, Okta, Entra ID, GSuite, EDR or similar)
• Working knowledge of common attacker tactics, techniques, and procedures (MITRE ATT&CK)
• Comfort with log-based investigation and evidence analysis across multiple data sources
• Ability to write clear, concise case verdicts and communicate findings to technical and non-technical audiences
• Strong attention to detail and an instinct for separating signal from noise

Bonus

• Experience writing or tuning detection rules (Sigma, YARA-L, SPL, KQL, or similar)
• Familiarity with SQL or scripting for log analysis
• Background in detection engineering or security content development
• Experience with SIEM, EDR, or SOAR platforms
• Exposure to AI-assisted investigation or automation tooling

Why Work at Artemis?

• Make a real world impact. Every case you review and every detection you improve directly protects real companies and real people. You're not working on theoretical security problems — you're on the front lines of active defense, with customers who depend on the quality of your analysis.
• Be challenged to be better than ever before. Our team includes some of the smartest and most driven people in the world. We guarantee you will learn more in 1 year here than 10 years in another place.
• Push the boundaries of technology. Work with and help shape the most advanced AI capabilities in cybersecurity — moving well beyond traditional SIEM workflows into a new generation of investigation automation. Your ideas will shape the product and the industry.
• Innovative culture. We obsess about customers, move fast with high quality, and value open communication, mentorship and learning. You will have autonomy to drive investigations, propose detection improvements, and own outcomes — not just follow a runbook.

If you are passionate about cyber security and want to apply your expertise at the cutting edge of AI-powered defense, we'd love to hear from you.

Compensation

We offer a competitive compensation of $95,000-$120,000 per year, and a top-of-market equity component. A variety of factors are considered when determining the compensation, including a candidate's professional experience. Final offer amounts may vary from the amounts listed.

Equal Opportunity

At Artemis, we believe the best ideas come from diverse teams. We're committed to creating an inclusive environment where people of all backgrounds, experiences, and perspectives can do their best work. We welcome everyone, regardless of race, gender, age, religion, identity, or anything else that makes you, you.