Principal Security Operations Analyst
The Senior Security Operations Analyst will report directly to the Deputy Chief Information Security Officer (DCISO). You will be ultimately responsible for protecting our network, systems, applications, and employees from damaging threats to our company and brand. You’ll have access to state-of-the-art technology and intelligence, and you’ll be expected to take full advantage of both to triage threat events, perform threat hunting, and lead incident response. We want our Senior Analyst to be a subject matter expert in security operations, involved in marketing, sales, and public relations for the company and the brand. Our Security Operations Center will set the example for our customers and prospects on what’s possible.
- Perform event and incident triage, threat hunting, and incident response (to include basic malware analysis and forensic investigations)
- Use industry-leading commercial and cloud software to detect, evaluate, triage, prioritize, and respond to security events.
- Develop, maintain, and enforce security operations policies, standards, and processes (run books), seeking continuous improvement and driving efficiency
- Be an escalation point (including on-call support) for our managed security services (physical and cyber), which handle general triage both during and after business hours.
- Act as a subject matter expert in security operations and support marketing, public relations, sales, business development, and research and development.
- Support research and development, security module creation, automation, and process improvement.
- Support vulnerability management and penetration tests.
- Provide guidance and support to the development of corporate information security policies, standards, and guidelines.
- Security professional with 3-5 years of hands-on deep technical experience in the industry
- Security analysis, threat hunting, forensics, flow analysis, and log management experience
- Sound cloud security practices using AWS, Azure and/or GCP
- IDS/IPS management, PCAP carving, file extraction, and long tail analysis experience
- Strong understanding of attacker tactics, techniques, and procedures
- Excellent communication skills – both written and verbal
- Deep understanding of endpoint and network security
- Strong understanding of SIEM technology, integration and network forensics
- Experience with or knowledge of vulnerability management and penetration testing of systems, applications, and networks
- Demonstrable experience with one or more of the following:
  - Python, PowerShell, Bash, Regex, PHP, HTML, .NET, C#, C++
- Security certifications are nice to have but not required. A few recommended ones:
  - OSCE, OSCP, GMON, GCED, GREM, GCIA, GCIH, GSEC, CISSP, etc.
- General understanding of industry standards, compliance, and legal guidelines:
  - ISO 27001, NIST 800-53, SOC 2, SOX, HIPAA, etc.
LogRhythm offers the following benefits for this position, subject to applicable eligibility requirements:
- 401k plan
- Flexible time off
- Birthday day off
The annual starting salary for this position is between 120k-150k annually, depending on experience and other qualifications of the successful candidate.
Bring your Whole Self to Work!
Diversity, equity, and inclusion are at the core of who we are. At LogRhythm, we know that diverse perspectives spark innovation, improve creativity, and position our team for success. Creating a culture where all are welcomed, valued, and empowered to achieve their full potential is important to who we are today and in the future. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors.
- Gartner Challenger in Security
- Thoma Bravo company
- Award-winning SIEM Platform