SecOps Engineer

Moon Active

Job Summary

Moon Active is seeking a SecOps Engineer to join their Security Operations team in Tel Aviv. This role involves defending the organization across IT and cloud security, performing third-party and internal security reviews, handling incident response, conducting threat hunting, and supporting GenAI security work. The ideal candidate will have hands-on experience in security operations, IT security, cloud security, and SIEM technologies, with proficiency in scripting for automation.

Must Have

  • Design, operate, and improve security infrastructure
  • Monitor, investigate, and remediate security alerts and threats
  • Perform security reviews of third-party vendors, SaaS platforms, and internal applications
  • Defend the organization across endpoints, identities, applications, and cloud
  • 3+ years of hands-on experience in security operations, incident response, or similar
  • Strong hands-on experience in IT security, endpoint protection, identity security
  • Solid understanding of cloud platforms (GCP/AWS/Azure) and practical experience
  • Strong knowledge of SIEM technologies (Splunk, ELK) and DFIR workflows
  • Proficiency with Python, Bash, or PowerShell for automation and scripting

Good to Have

  • Familiarity with SOAR platforms and building automated playbooks
  • Strong communication skills to collaborate across teams

Job Description

Moon Active is one of the world's fastest-growing mobile game companies, providing entertainment to millions of players across the globe. The company is headquartered in Tel Aviv.

We are looking for a SecOps Engineer to join our Security Operations team. In this role, you will help defend the organization end-to-end, from IT security to cloud security, while performing third-party and internal security reviews, handling incident response, conducting threat hunting, and supporting GenAI security work.

Responsibilities

  • Design, operate, and improve security infrastructure by maintaining core controls, hardening systems, and leading cloud security efforts to address misconfigurations, vulnerabilities, and identity risks.
  • Monitor, investigate, and remediate security alerts and threats by performing DFIR, analyzing attack vectors, proactively hunting adversary activity, and leading incident response.
  • Perform security reviews of third-party vendors, SaaS platforms, and internal applications, assessing architectures, data flows, integrations, and risk exposure.
  • Defend the organization end-to-end across endpoints, identities, applications, and cloud by operating and advancing SecOps controls (SIEM/EDR/CSPM), building automations, enforcing best practices, and partnering cross-functionally to drive security outcomes.

Requirements

  • 3+ years of hands-on experience in security operations, incident response, or a similar cybersecurity role.
  • Strong hands-on experience in IT security, endpoint protection, identity security, and general security operations.
  • Solid understanding of cloud platforms (GCP/AWS/Azure) and practical experience improving cloud security.
  • Strong knowledge of SIEM technologies (Splunk, ELK) and experience with incident response and DFIR workflows.
  • Proficiency with Python, Bash, or PowerShell for automation and scripting.
  • Familiarity with SOAR platforms and building automated playbooks.
  • Strong communication skills with the ability to collaborate across DevOps, IT, R&D, and business teams.

#LI-Hybrid
