
Senior Security Operations Analyst
Posted Jun 3

This is a fully remote position, open to applicants in India.
• Create and present security reports and metrics to enhance operational awareness and aid leadership in decision-making.
• Identify and assist in the mitigation of information security risks by evaluating projects and initiatives to ensure they align with security requirements, policies, and standards.
• Facilitate internal and external audits by gathering and analyzing evidence, evaluating control effectiveness, and ensuring compliance with established security frameworks and policies.
• Monitor and manage remediation efforts, including corrective action plans and audit findings, to ensure timely resolution of identified security concerns.
• Detect, investigate, and respond to security incidents, analyzing root causes and impacts to effectively contain threats and minimize organizational risk.
• Maintain and support security tools, controls, and monitoring capabilities to ensure efficient detection and response.
• Create, implement, and continuously refine threat-informed detection and automated response playbooks, including use case creation, rule development, tuning, validation, and optimization through incident feedback and testing.
• Oversee systems and security telemetry for violations, vulnerabilities, and unusual activities.
• Analyze and utilize threat intelligence to improve detection, response, and situational awareness.
• Assist in the onboarding and validation of security telemetry to ensure effective detection and visibility.
• Work alongside cross-functional teams to enhance incident response, remediation, and security enhancements.
• Support the evaluation and selection of security technologies and solutions to strengthen detection, monitoring, and response capabilities.
• A degree in Cybersecurity, Information Technology, Computer Science, or a related field is preferred.
• Industry-recognized certifications are advantageous and may include: CompTIA Security+ or CySA+, Microsoft SC-200, GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Cyber Threat Intelligence (GCTI), GIAC Security Operations Certified (GSOC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and relevant cloud or security vendor certifications (e.g., SIEM, SOAR, endpoint, or cloud security platforms).
• 5-7 years of experience in security operations or related fields.
• Proficient knowledge of security controls, including access control, authentication, encryption, system integrity, and logging as they relate to security monitoring and detection.
• Experience in security operations, including monitoring, incident response, and incident management processes, with the capability to investigate, escalate, and respond to security events.
• Ability to develop, modify, and maintain threat detection rules within SIEM platforms, including tuning alerts and enhancing detection accuracy.
• Understanding of security telemetry, including log collection and ingestion (e.g., syslog, Windows Event Forwarding, ELK), normalization, and data quality considerations to support effective detection and visibility.
• Strong knowledge of operating systems (Windows, Linux, macOS), identity systems (e.g., Active Directory), and networking fundamentals (TCP/IP, DNS) as they pertain to security monitoring and investigations.
• Experience with endpoint, network, and host-based security tools including EDR, IDS/IPS, firewalls, vulnerability scanners, and host-based detection/prevention systems.
• Proficient in analyzing and correlating data from multiple security and telemetry sources to identify patterns, anomalies, vulnerabilities, and potential security threats.
• Familiarity with applying security frameworks such as MITRE ATT&CK to map adversary behaviors and support detection and response development.
• Experience with malware analysis, network forensics, and digital forensics concepts and tools; reverse engineering skills are a plus.
• Capability to evaluate security threats and implement timely mitigations under pressure.
• Experience using scripting languages such as Python, PowerShell, or equivalent to facilitate automation, analysis, and response activities.
• Excellent collaboration and communication skills with the ability to foster effective relationships across both technical and non-technical teams.
• Familiarity with security platforms and tools including SIEM, SOAR, EDR, vulnerability management, and threat intelligence tools (e.g., Google SecOps/Chronicle, Microsoft Defender for Endpoint, SentinelOne Singularity, Tanium Threat Response, Recorded Future).
• Experience with cloud security monitoring and native security services within AWS, Azure, Google Cloud, or OCI is a plus.
• Knowledge of security-focused frameworks, methodologies, and best practices for detection, response, and vulnerability management is advantageous.
• Ability to apply threat intelligence to enhance detection, investigation, and response activities.
• Experience in developing or working with automated response workflows and playbooks (SOAR).
• Health insurance
• Retirement plans
• Paid time off
• Flexible work arrangements
• Professional development