Security Operations Analyst III

Back to jobs New Security Operations Analyst III New York, NY or US - Remote Apply As a Security Operations Analyst III at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our 300+ million  users who entrust Vimeo with their content every day. You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks. You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization. You love to solve puzzles, and are a great team player. This role is on-call once a month. What you'll do: Depending on your preferences and the current needs of the team, you may either focus on just some of the following areas, or you may choose to become involved with all of them. You will act as the primary analyst for security incidents detected by EDR and other security monitoring solutions. Analyze and triage security alerts, prioritizing based on severity, potential impact, and threat intelligence Conduct security assessments of our systems and infrastructure to identify vulnerabilities and risks, identify risk owners, and implement mitigating controls. Implement and operate cloud security hardening and cloud security posture management across Google Cloud and AWS. Collaborate with SRE, AppSec and Information technology around vulnerability management, detection, and response. Automate security processes using scripting and other automation tools. Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards Help strengthen our own internal processes and procedures Skills and knowledge you should possess: 3+ years of experience in security operations, incident response, or vulnerability management 2+ years of hands-on experience with EDR platforms (CrowdStrike) Strong understanding of security frameworks such as NIST, MITRE ATT&CK, and incident response methodologies Familiarity with SIEM platforms and log analysis techniques Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.  Good communication and interpersonal skills.  Bonus points (nice skills to have, but not needed): Knowledge of cloud security principles and tools (AWS, GCP security services) Experience with container security and orchestration platforms Experience with vulnerability management tools (Wiz, Qualys, Rapid7, etc.) and vulnerability assessment methodologies Knowledge of common attack vectors, malware analysis, and digital forensics principles Experience with scripting languages (Python, PowerShell, Bash) for automation tasks Relevant certifications such as CISSP, CCSP, or AWS Certified Security Specialty are a plus. Experience with automation tools such as Terraform, Ansible, or Chef. Understanding of compliance frameworks (SOC 2, HIPAA, FedRAMP) Base Salary Range: NYC Metro, Bay Area, Seattle, & Los Angeles:    $101,000 to $139,250 All other US cities outside above metro areas:    $90,900 to $125,325 At Vimeo, we strive to hire and nurture amazing talent across the globe. Actual salaries will vary depending on factors including but not limited to experience, specialized skills, internal alignment, and location.  Base salary is just one component of Vimeo's total rewards philosophy. We offer a wide range of benefits, perks, variable compensation and where eligible long-term incentive programs.  We also offer paid time off, generous 401k match, commuter benefits, Health Savings Account (HSA), Flexible Spending Account (FSA), fertility reimbursement, group term life insurances, wellbeing resources, and more. #LI-MM1 About Us: Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month. Learn more at www.vimeo.com .   Vimeo is headquartered in New York City with offices around the world. At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people, represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion is championed in how we build our products, develop our leaders, and strengthen our culture. Apply for this job * indicates a required field First Name * Last Name * Email * Phone * Location (City) * Locate me Resume/CV * Attach Attach Dropbox Google Drive Enter manually Enter manually Accepted file types: pdf, doc, docx, txt, rtf Cover Letter Attach Attach Dropbox Google Drive Enter manually Enter manually Accepted file types: pdf, doc, docx, txt, rtf Education School Select... Degree Select... Discipline Select... Add another Preferred first name (if different): Alternative phone: LinkedIn Profile GitHub Link Website/Portfolio: How did you hear about this job? What geographical location are you looking to work from? * Will you now, or in the future, require sponsorship for employment authorization to work in the US? (e.g. H-1B visa status) * Select... Work Authorization: (Please Select One) * Select... Are you 18 Years of age or older? If not, can you provide authorization of your eligibility to work? * Select... If you are related to anyone at our company or any of our affiliates, please provide employee name, company name and department: Have you been an employee or representative of or consultant to any company that competes with Vimeo in the last 12 months? If so, do you have any contractual or other restrictions that would prevent or limit your acceptance of employment with Vimeo (such as a non-disclosure agreement or a non-solicitation agreement)? * Date available to start: (optional) Desired Compensation: *Please specify if base salary or TC (total compensation) * By submitting this application, I certify that all of the information I have provided in this application (or in any other accompanying or required documents) is correct, accurate and complete to the best of my knowledge. I understand that falsification, misrepresentation or omission of any facts in these documents may be cause for denial of employment or immediate termination of employment regardless of the timing or circumstances of discovery. I also understand that submitting this application does not guarantee employment. * Select... What are your preferred pronouns? Select... Can you share an example of how you've used automation or scripting to improve a security process? What problem were you trying to solve, what approach did you take, and what was the outcome? * In a few sentences, tell us about a time when you had to balance multiple high-priority security alerts simultaneously. How did you prioritize them, and what criteria did you use to determine which threats required immediate attention versus those that could be addressed later? * In a few sentences, describe a security incident you've investigated. How did you detect it, what was your analysis process, and how did you coordinate the response with other teams? * Are you comfortable with on-call responsibilities that would require you to be available approximately once per month to respond to security incidents outside of normal business hours? * Select... Do you have at least 3 years of hands-on experience in security operations, incident response, or vulnerability management, and at least 2 years of direct experience working with EDR platforms like CrowdStrike? * Select... 2023 Domestic Self ID Below is a set of voluntary demographic questions that are part of our inclusion efforts. If you choose to fill them out, the responses will be used (in aggregate only with no ability to see on a per candidate basis) to help us identify areas for improvement in our process. Your responses, or your choice to not respond, will not be associated with your specific application and cannot in any way be used in the hiring decision. I identify my gender as: Select... Do you identify as being part of the LGBTQIA+ community? Select... I identify my Ethnicity as: Select... Veteran Status Select... Do you identify as a person with a Disablity: Select... Submit application