Playlist is building a platform for intentional living, connecting people with inspiring experiences in fitness and wellness. The Security Analyst III will lead complex security incidents, mentor the incident response team, and improve operational processes within the Security Operations Center.
Responsibilities:
- Lead complex security incidents as incident commander from detection through resolution, providing expert-level response capabilities
- Mentor our incident response team on advanced IC techniques, stakeholder management, driving incident closure, and conducting effective after-action reviews
- Serve as technical escalation point for investigations requiring deep expertise in cloud security, application security, and modern adversary techniques
- Develop team capabilities through hands-on mentorship during real incidents, teaching investigative methodologies and building technical depth in cloud, application, and detection fundamentals
- Proactively identify and fix operational gaps without being directed—establish SOC metrics, improve processes, document workflows, and optimize our MSSP partnership
- Improve detection coverage by conducting post-incident analysis, mapping gaps to MITRE ATT&CK, and partnering with the MSSP on custom rules and alert tuning
- Conduct threat-informed activities including hypothesis-driven threat hunts, operationalizing threat intelligence, and translating threat landscape insights into detection improvements
- Build relationships with service-owning teams to improve cross-team coordination and SOC engagement
Requirements:
- 7–10+ years in security operations with proven incident commander experience leading complex, multi-team security incidents
- Strong cloud security knowledge (AWS, Azure, or GCP) including architecture, IAM, logging, and attack patterns
- Expert investigation skills across SIEM (Google Chronicle preferred), EDR (CrowdStrike preferred), and cloud security platforms
- Demonstrated ability to mentor analysts and improve team technical capabilities
- Self-directed operational mindset—identifies gaps and implements solutions without constant oversight
- MITRE ATT&CK framework expertise and understanding of modern adversary techniques
- Strong communication skills for directing senior analysts during incidents and explaining complex topics clearly
- Detection engineering or SIEM rule writing experience
- Threat hunting methodologies and frameworks
- Threat intelligence consumption and operationalization
- Scripting/automation (Python, PowerShell)
- Application security fundamentals
- GIAC (GCIA, GCIH, GCFA), CISSP, or comparable certifications