Security Operations Analyst
SailPoint's Cybersecurity organization is seeking a Security Operations Analyst with a passion for cybersecurity and protecting the organization. This is an internal security analyst role on SailPoint's Security Operations team that will focus on detecting and preventing threats to the organization. The ideal candidate will be a team player and have a strong passion for protecting the organization for cyber threats.
This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders and be directly responsible for delivering a comprehensive Security Operations program. This role reports directly to the Senior Manager of Security Operations and can be remote or based in Austin, TX.
Responsibilities:
- Partner closely with Architecture/Engineering and Product Development to define and communicate functional requirements and technology performance feedback to mature the Security Operations technology stack.
- Responsible for event discovery and incident response activities; assist with efforts among multiple business units during response activities and post-mortem.
- Playbook development and ensure response activities align with the incident response plan and provide comprehensive mitigation of threats.
- After hours on-call rotation and paging.
- Provide timely, comprehensive, and accurate information in both written and verbal communications.
- Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats.
- Understanding the "how," "when," "where," and "why" of the incident threat.
- Monitoring. Proactive monitoring of internal and external-facing environment using specialized security applications.
- Proactively research security-related information and threat intelligence sources to aid in the hunting and identification of cyber threat activity.
- Response. Full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitating of resolution, and event reporting.
- Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time.
- Communications across the incident, problem, and change management cycles.
Requirements:
- Foundational knowledge of the current cybersecurity threat landscape and industry best practices.
- Proven track record of effectively operating in a team setting.
- Experience in the following technologies:
- Network Security Monitoring (Palo Alto, Fidelis, NetWitness, Cisco, WireShark, Snort, Security Onion, etc.)
- Endpoint Detection and Response (Cortex XDR, Crowdstrike, Cylance, Carbon Black, etc.)
- SIEMs (Splunk, SumoLogic, Devo, etc.)
- Security Orchestration, Automation, and Response (Demisto/Cortex XSOAR, Phantom, Siemplify, etc.)
- Cloud Environments (AWS, Azure, or similar) and Containers (Docker, Kubernetes, or similar)
- Ticketing (Jira, ServiceNow, or similar)
- Vulnerability Scanning (Tenable, Qualys, Nessus, etc.)
- Investigation and Research Tools (Virus Total, Shodan, etc.)
- Red Team Tools (MetaSploit, Mimikatz, Cobalt Strike, etc.)
- Experience in all the following:
- Hands-on trouble shooting, analysis, and technical expertise to resolve incidents and service requests.
- Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution, working experience against advanced persistent threats.
- Competence in using and implementing both internal and external ticketing systems for ITIL-based incident, problem, and change management.
- Fundamental understanding of penetration testing and attack path analysis.
- Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR.
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
Preferred:
- Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 1 years of related work experience.
- Certification aligned to the following:
- SANS/GIAC
- CompTIA
- ISACA
- Vendor Certifications
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.