Key skills
AWSCloudCyber SecurityFirewallsGoogle Cloud PlatformLinuxMacOSPythonSplunkGCPGoogle CloudJira
About this role
Role Overview
- Collaborating with Security Operations Center (SOC) team members to monitor, detect, and respond to cybersecurity threats in a timely manner.
- Responding to cybersecurity incidents from identification through resolution.
- Developing and maintaining up-to-date knowledge of the threat landscape, as well as advancements in cybersecurity technologies and methodologies.
- Identifying, configuring and onboarding security telemetry sources/logs in support of threat detection and incident response
- Collaborating with Engineering and SRE to identify and mitigate logging deficiencies
- Developing new detection scenarios and queries to broaden and deepen the team’s detection coverage
- Tuning and continuously improving existing detection queries to increase signal-to-noise ratio, and ensure our detections remain relevant and functional
- Executing and improving incident response protocols and procedures to swiftly and effectively manage security incidents.
- Identifying, developing and maintaining automation solutions to increase the efficiency and effectiveness of the team
- Integrating various security and IT tools to enhance threat detection, incident response, and operational efficiency.
- Conducting regular security assessments, threat hunts, and continuous monitoring to identify vulnerabilities, opportunities for posture enhancements and better incident preparedness.
- Collaborating with Engineering, IT and other departments to support the implementation and evangelization of established cybersecurity best practices across the organization.
- Leveraging JIRA for creating and managing dashboards, reports, and metrics that support cybersecurity operations and decision-making.
Requirements
- A minimum of 3 years of experience in cybersecurity, with at least 2 years dedicated to security operations, a SOC environment and enterprise security.
- Demonstrated experience in incident response, including developing and implementing incident response playbooks and procedures, acting as incident commander on low severity incidents, and conducting post-incident analysis.
- Experience with JIRA or similar tools for creating dashboards, managing reports, and automating workflows to support cybersecurity operations.
- Proven track record in threat detection
- Strong knowledge in operating and configuring SIEM tools (e.g., Splunk, ELK) for real-time threat monitoring and analysis.
- Solid understanding of security technologies such as EDR (Endpoint Detection and Response), firewalls, and vulnerability scanners.
- Demonstrated track record of automating SOC processes, enhancing threat detection, or streamlining incident response using Python
- Proficient knowledge of threat actor behaviors, techniques and tools
- Experience investigating security events on MacOS, Linux and Windows systems
- Experience investigating security events in cloud environments including AWS and/or GCP
- Authorized to work lawfully in the United States of America as Calendly does not engage in immigration sponsorship at this time.
Tech Stack
- AWS
- Cloud
- Cyber Security
- Firewalls
- Google Cloud Platform
- Linux
- MacOS
- Python
- Splunk
Benefits
- Top Performer Bonus program
- Equity awards
- Competitive benefits