Job Description

Security Analyst

Location: Remote, US

The Basics

The Security Analyst role provides candidates with hands-on experience performing analysis and remediation of information security events. In addition to investigating events, candidates will be responsible for making improvements to existing detection and prevention controls through process and technology improvements, including the use of automation platforms. Candidates are expected to question the status quo to identify opportunities for continuous improvement and are enabled to take action to ensure the effectiveness of a distributed security program operating within DevOps centric workflows.

This position is available for remote workers with flexible working hours but may require occasional work outside of normal business hours.

What you’ll do:

  • Drive continuous improvement across all aspects of Security Operations
  • Perform daily event and incident triage (e.g., malware triage, network analysis, live response, etc.)
  • Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, etc.)
  • Assist with the analysis and remediation of security incidents
  • Enhance detection and prevention controls (e.g., logic updates, exclusions, etc.)
  • Collaborate on design, architecture, and threat models to incorporate detection and monitoring requirements
  • Collaborate on response, containment, and remediation for confirmed security incidents
  • Work with different operating systems and cloud hosting providers (e.g., AWS, GCP, Azure, OCI)
  • Develop automation playbooks to improve the efficiency of operation processes
  • Seek opportunities for continuous improvement and drive efficiency
  • Maintain working knowledge of attacker tactics, techniques, and procedures (TTPs)
  • Maintain event collection environment through health monitoring
  • This role is part of a rotating on-call schedule

Who we’re looking for:

  • 2+ years working in a Security Operations or equivalent role
  • Firm understanding of attacker tactics, techniques, and procedures and means of detection
  • Strong technical understanding of networking basics, including TCP/IP and layer 7 protocols
  • Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)
  • Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products
  • Working knowledge of at least one scripting language (Python or PowerShell preferred)
  • Working knowledge of DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines, etc.)
  • Excellent communication (verbal and written), critical thinking, and analytical skills
  • Ability to work both independently and as part of a team
  • Ability to synthesize risks and derive detection countermeasures