Identify, assess, and manage security incidents across cloud, identity, endpoint, and network environments
Lead incident response activities, including investigation, containment, eradication, recovery, and post-incident reviews
Serve as the primary escalation point for Information Security Analysts, providing guidance on complex alerts, root-cause analysis, investigation strategy, and analyst mentorship
Drive continuous improvement of SOC tools, workflows, procedures, and alerting by reducing noise, optimizing detections, and increasing automation without compromising security coverage
Partner with SOC, Offensive Security, Engineering, IT, Cloud, and business teams to identify detection and response gaps, validate controls, and remediate security weaknesses proactively
Champion the use of AI, advanced analytics, threat intelligence, and industry best practices to improve alert fidelity, threat detection, analyst productivity, and overall security posture
Requirements
5+ years of hands-on experience in a SOC, incident response, or similar cybersecurity role, with a strong track record in security investigations
Strong experience securing cloud-first environments, particularly AWS, with familiarity across other cloud platforms
Proven expertise with modern security tools, including EDR/ITDR, CSPM, SIEM and logging, email protection, network and access security, case management/workflow platforms, and SOAR
Strong incident response knowledge across endpoint, cloud, identity, SaaS, and network attack scenarios, with experience in threat intelligence platforms and structured threat hunting programs
Experience developing or improving playbooks, runbooks, automated response workflows, and AI/ML-driven security capabilities to enhance detection and analyst efficiency
Excellent written and verbal communication skills, with the ability to clearly document incidents and communicate technical findings to technical and non-technical stakeholders
Relevant certifications such as GCFR, AWS Security Specialty, or AZ-500 are a plus
Tech Stack
AWS
Cloud
Cyber Security
Benefits
Comprehensive health benefits
Life and disability insurance
Fertility and family-forming support programs
Paid holidays
Volunteer time off
Quarterly self-care days and no meeting days
Tuition and reading reimbursement programs
Thrive Global Wellness Program
Confidential Employee Assistance Program (EAP)
Employee programs—including Employee Resource Groups (ERGs), GoTo Gives, and our charitable matching program