Sr. SECURITY OPERATIONS CENTER ANALYSTSailPoint is the leader in identity security for the cloud enterprise. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, ensuring workers have the right access to do their job – no more, no less. About you:We are seeking an emerging team-lead with established technical capabilities who is willing to continue to learn, contribute and educate others. As a Lead Security Analyst you will work across diverse platforms to monitor cloud and IT infrastructure and triage security events. You are someone that embraces new challenges and contributes positively to your team. The ideal person for this role will make decisions with our 4 I’s in mind – Innovation, Integrity, Impact and Individuals. You can read more about those here.About the team:You will join a new but capable team of both emerging and established talent. You will have the opportunity to influence, mentor, and shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities.About the role:This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders and be directly responsible for leading and delivering a comprehensive Security Operations program. This role reports directly to the Manager of Security Operations and can be remote or based in Austin, TX.Responsibilities:Lead initiatives to increase the maturity and efficiency of Security OperationsPartner closely with Architecture/Engineering and Product Development to define and communicate functional requirements and technology performance feedback to mature the Security Operations technology stack.Responsible for event discovery and incident response activities; assist with efforts among multiple business units during response activities and post-mortem.Mature and develop playbooks, ensuring response activities align with the incident. response plan and provide comprehensive mitigation of threats.Be available for after hours on-call rotation and paging.Provide timely, comprehensive, and accurate information in both written and verbal communications.Understand and apply the “how,” “when,” “where,” and “why” of a threat incident.Monitoring - proactively monitor internal and external-facing environments using specialized security applications.Proactively research security-related information and threat intelligence sources to aid in the hunting and identification of threat activity.Response - provide full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitating of resolution, and event reporting.Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time.Communicate across the incident, problem, and change management cycles.Requirements:6+ years of experience as a Security Analyst working in a SOC triaging and responding to alerts.Have advanced knowledge of the current cybersecurity threat landscape and industry best practices.Demonstrate a proven track record of effectively operating in a team setting.Mentoring and assisting development of more junior analystsPossess experience and successful results in one or more of the following technologies:Network Security Monitoring (Palo Alto, Fidelis, NetWitness, Cisco, WireShark, Snort, etc.)Endpoint Detection and Response (Cortex XDR, Crowdstrike, Cylance, Carbon Black, etc.)SIEMs (Splunk, SumoLogic, Devo, InsightIDR, QRadar, etc.)Security Orchestration, Automation, and Response (Demisto/Cortex XSOAR, Phantom, Siemplify, etc.)Cloud Service Provider IaaS and PaaS (AWS, Azure or GCP)Service Management & Ticketing (Jira, ServiceNow, Zendesk or similar)Vulnerability Scanning (Tenable, Qualys, Nessus, Nexpose, etc.)Investigation, Intel, and research tools (Virus Total, IT-ISAC, Investigate, etc.)Experience in all the following:Hands-on trouble shooting, analysis, and technical expertise to resolve incidents and service requests.Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution, working experience against advanced persistent threats.Competence in using and implementing both internal and external ticketing systems for ITIL-based incident, problem, and change managementFundamental understanding of penetration testing, MITRE ATT&CK and attack path analysis (e.g LM kill-chain)Ability to innovate and find creative solutions that balance the needs of the business with the needs of securityNice to haves or things you’ll learn in the role:Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 6+ years of related work experienceCertification aligned to the following:SANS/GIACCompTIAISACAVendor CertificationsExperience with compliance and regulatory frameworks such as FedRAMP, ISO27001, SOC2, SOX, GDPRSailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
View Original Job Posting