Security Analyst
Job Overview
We're looking for a Security Analyst to be at the core of what we do: reviewing real security cases across customer environments, recommending outcomes, and continuously improving the detection logic that powers our platform.
Responsibilities
- Review and triage security cases
- Investigate alerts and cases surfaced by the Artemis platform across cloud, identity, endpoint, and SaaS environments
- Analyze the underlying logs and evidence to determine whether activity is malicious, benign, or a false positive
- Recommend and document case outcomes with clear, well-reasoned verdicts (true positive, false positive, benign confirmed) with supporting evidence and written justifications
- Build and refine detections by writing new detection logic and tuning existing rules to improve signal quality
- Fix and maintain the detection library by identifying misfiring or noisy detections through case review and fixing them
- Conduct threat hunting by proactively investigating customer environments for signs of attacker activity that automated detections may have missed, using both structured hypothesis-driven hunting and AI-assisted workflows
- Investigate security incidents by performing deeper triage on escalated or complex cases, piecing together attacker timelines and identifying lateral movement, persistence, or exfiltration across data sources
- Contribute to investigation playbooks by documenting investigation techniques, artifact patterns, and case patterns as structured playbooks that help scale consistent, high-quality analysis across the team
- Engage with the detection engineering cycle by partnering with the security engineering team to surface patterns from case review, propose new detection ideas, and validate that shipped detections perform as expected in production environments
Qualifications
- 2-3+ years of hands-on experience in a SOC, MSSP, or MDR environment (Tier 2 or Tier 3 analyst level)
- Experience triaging and investigating alerts across on-prem and cloud environments (AWS CloudTrail, Okta, Entra ID, GSuite, EDR or similar)
- Working knowledge of common attacker tactics, techniques, and procedures (MITRE ATT&CK)
- Comfort with log-based investigation and evidence analysis across multiple data sources
- Strong attention to detail and an instinct for separating signal from noise
- Experience writing or tuning detection rules (Sigma, YARA-L, SPL, KQL, or similar)
- Familiarity with SQL or scripting for log analysis
- Experience with SIEM, EDR, or SOAR platforms
- Exposure to AI-assisted investigation or automation tooling
Bonus
- Experience with detection engineering or security content development
- Exposure to AI-assisted investigation or automation tooling
Why Work at Artemis?
- Make a real-world impact
- Be challenged to be better than ever before
- Push the boundaries of technology
- Innovative culture
Compensation
We offer a competitive compensation of $100,000-$140,000 per year, and a top-of-market equity component. A variety of factors are considered when determining the compensation, including a candidate's professional experience. Final offer amounts may vary from the amounts listed.
Equal Opportunity
At Artemis, we believe the best ideas come from diverse teams. We're committed to creating an inclusive environment where people of all backgrounds, experiences, and perspectives can do their best work. We welcome everyone, regardless of race, gender, age, religion, identity, or anything else that makes you, you.