Key skills
CloudCyber SecurityLinuxMacOSSplunkLeadershipCommunicationCustomer Success
About this role
Role Overview
- Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS
- Provide in depth analysis from escalated requests originating from Security Analyst 1
- Validate suspicious events by performing investigations using SIEM and SOAR technologies, leveraging Deepwatch proprietary tooling, intelligence and OSINT, TTPs and IOCs
- Identify gaps in customer environments, data ingested or configuration errors which reduce telemetry quality
- Work with customer and leadership to surface and resolve concerns
- Provide support to Security Analyst I including coaching and training as necessary
- Leverage your knowledge of Alert Triage, SOC Operations, and Defense in Depth (DiD) to contribute to projects for overall customer success
- Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner
- Surface opportunities for improvement in the SOC and for the customer and be a change agent for measurably improving our customer security posture and experience
- Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program
Requirements
- Have a strong understanding of cyber security principles, concepts and practices including the ability to perform a complete and thorough incident investigation and triage with limited support from Analyst III’s
- Know your way around SIEM platforms (Splunk, Google SecOps or Microsoft Sentinel preferred), how to perform queries and leverage various log sources to perform investigations
- Operate autonomously requiring minimal support on investigative actions
- Competency with in-depth header analysis, hashes and Windows/macOS/Linux logs
- Demonstrate the ability to pivot to other log sources, cloud systems or consoles to perform a comprehensive analysis from multiple data sources
- Have a basic understanding of modern EDR, email security and cloud identity platforms
- A desire to support others and uplift the program and team through updating training materials and SOPs
- Strong written and verbal communication skills including the ability to write well-written reports and analysis that’s thorough, accurate and complete
- Provide the customer with a complete understanding of the investigation
- Sec+, CySA, CEH, GSEC, or equivalent certification preferred.
Tech Stack
- Cloud
- Cyber Security
- Linux
- MacOS
- Splunk
Benefits
- Medical, dental, vision, and disability insurance
- Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
- Unique professional development benefits with Annual “development dollars” to support our people growth and development
- Wellness contests and monthly educational programs
- 401(K) retirement program