Full-time
Remote
5-10

Security Operations Engineer (SIEM)

9/15/2025

The SecOps Engineer will ensure 24/7 monitoring of security alerts and incidents, establish SOC processes, and prepare incident response plans. They will also manage and optimize security monitoring tools and prepare reports on SOC activities.

Working Hours

40 hours/week

Company Size

1,001-5,000 employees

Language

English

Visa Sponsorship

No

About The Company
The monday.com Work OS is a low-code/no-code platform that democratizes the power of software so organizations can easily build work management tools and software applications to fit their every need. The platform intuitively connects people to processes and systems, empowering teams to excel in every aspect of their work while creating an environment of transparency in business. monday.com has offices in Tel Aviv, New York, Miami, Chicago, Denver, London, Warsaw, Sydney, Melbourne, São Paulo, and Tokyo. The platform is fully customizable to suit any business vertical and is currently used by over 225,000 customers across 200 industries in over 200 countries and territories.
About the Role

We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.

With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.

monday.com is looking for a SecOps Engineer to join our Security Operations team. In this role, you will design, build, maintain, and optimize our SIEM, detection capabilities, and security operations infrastructure. As a senior member of the team, you’ll collaborate with stakeholders across the company to drive the vision and execution of our global security operations and observability. You will also play a key role in incident response and investigations, ensuring the protection of our company and customer data.


About The Role

  • Ensure monitoring of security alerts and incidents, working to rapidly detect, contain, and resolve threats.
  • Lead and support end-to-end investigations, from initial triage to deep analysis, covering Endpoint, Business Applications, WAF, DLP, and Cloud environments.
  • Drive detection engineering, IR readiness, and purple team exercises around endpoint security, while managing MDR engagements.
  • Define and detect anomalies in business-critical applications and DLP systems, ensuring protection of sensitive data.
  • Design, maintain, and improve incident response playbooks, workflows, and escalation paths for a wide range of threats (e.g., malware, insider threats, data breaches, DDoS attacks).
  • Research and develop detection rules to identify evolving threats in real time, improving visibility and reducing blind spots.
  • Manage and optimize SIEM systems and monitoring tools, centralizing data sources to enable proactive detection and analysis.
  • Build and improve automated workflows to accelerate Tier 1 alert handling and reduce manual overhead.
  • Proactively hunt for threats using hypothesis-driven approaches and validate detections through Red/Blue exercises.
  • Keep the team updated with the latest threats, detection techniques, and security best practices.

Requirements

  • 3+ years as a SecOps Engineer with a strong background as a SOC analyst in a global, enterprise-level environment (must).
  • Hands-on experience in multi-cloud environments (AWS required, Azure/GCP preferred).
  • Proven experience in endpoint detection, response, and purple teaming.
  • Strong knowledge of DLP technologies and anomaly detection in SaaS/business-critical systems.
  • Hands-on experience in implementing and managing advanced detection capabilities across multiple domains.
  • Expertise in SOAR frameworks, developing automated workflows to improve incident response.
  • Experience working with WAF alerts/logs to detect and investigate attacks (DDoS, SQL injection, etc.).
  • Strong knowledge of Splunk (or equivalent SIEM), including advanced detection logic and ML anomaly detection.
  • Proven ability to lead investigations from triage to forensics and guide cross-functional teams through incidents.
  • Bachelor’s degree in CS/IT or related field. Security certifications (CISSP, CISM, GIAC, etc.) are a plus.
  • Passion for proactive defense, continuous learning, and innovating in detection & response.

Key Skills

Security Operations Center, SIEM, Incident Response, Cloud Environments, SaaS Applications, Threat Detection, Security Automation, WAF Alerts, Splunk, Collaboration, Continuous Learning