Senior Security Operations Analyst
SailPoint's Cybersecurity organization is seeking a Security Operations Analyst with a passion for cybersecurity and for protecting the organization. This is an internal security analyst role on SailPoint's Security Operations team, focused on detecting and preventing threats to the organization. The ideal candidate will be a team player with a strong commitment to defending the organization against cyber threats.
This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders and be directly responsible for delivering a comprehensive Security Operations program. This role reports directly to the Senior Manager of Security Operations and can be remote or based in Austin, TX.
Responsibilities:
- Partner closely with Architecture/Engineering and Product Development to define and communicate functional requirements and technology performance feedback to mature the Security Operations technology stack.
- Responsible for event discovery and incident response activities; assist with efforts among multiple business units during response activities and post-mortem.
- Mature and develop playbooks, ensuring response activities align with the incident response plan and provide comprehensive mitigation of threats.
- Be available for after hours on-call rotation and paging.
- Provide timely, comprehensive, and accurate information in both written and verbal communications.
- Understand and apply the "how," "when," "where," and "why" of a threat incident.
- Monitoring. Proactively monitor internal and external-facing environments using specialized security applications.
- Proactively research security-related information and threat intelligence sources to aid in the hunting and identification of threat activity.
- Response. Provide full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitation of resolution, and event reporting.
- Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time.
- Communicate across the incident, problem, and change management cycles.
Requirements:
- 3-5 years of experience working in a SOC and triaging alerts
- Have advanced knowledge of the current cybersecurity threat landscape and industry best practices.
- Demonstrate a proven track record of effectively operating in a team setting.
- Mentor and assist the development of more junior counterparts.
- Possess experience and successful results in one or more of the following technologies:
- Network Security Monitoring (Palo Alto, Fidelis, NetWitness, Cisco, Wireshark, Snort, Security Onion, etc.)
- Endpoint Detection and Response (Cortex XDR, CrowdStrike, Cylance, Carbon Black, etc.)
- SIEMs (Splunk, SumoLogic, Devo, InsightIDR, QRadar, etc.)
- Security Orchestration, Automation, and Response (Demisto/Cortex XSOAR, Phantom, Siemplify, etc.)
- Cloud Service Provider IaaS and PaaS (AWS, Azure or GCP)
- Service Management & Ticketing (Jira, ServiceNow, Zendesk or similar)
- Vulnerability Scanning (Tenable, Qualys, Nessus, Nexpose, etc.)
- Investigation and Research Tools (VirusTotal, Shodan, etc.)
- Red Team Tools (Metasploit, Mimikatz, Phantom Evasion, msfvenom, Cobalt Strike, etc.)
- Experience in all the following:
- Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests.
- Proven experience analyzing security events and incidents to determine root cause and provide resolution, including working experience against advanced persistent threats.
- Competence in using and implementing both internal and external ticketing systems for ITIL-based incident, problem, and change management.
- Fundamental understanding of penetration testing, MITRE ATT&CK, and attack path analysis (e.g., the Lockheed Martin Cyber Kill Chain).
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
Preferred:
- Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 3 years of related work experience.
- Certification aligned to the following:
- SANS/GIAC
- CompTIA
- ISACA
- Vendor Certifications
- Experience with compliance and regulatory frameworks such as FedRAMP, ISO 27001, SOC 2, SOX, and GDPR.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.