Security Analyst II - Weekday Afternoons (Remote) at Deepwatch, inc.
Come join Deepwatch's team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. - and we have a blast doing it!
Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch's cloud-based security operations platform, Deepwatch provides the industry's fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.
Deepwatch recognition includes:
- Forbes America's Best Startup Employers 2022
- Great Place to Work® Certified 2022
- Cybersecurity Excellence Award for MDR 2022
- Forrester: Top 10 MDR
- Goldman Sachs portfolio company: $53m Series B investment 2020
Security Analyst II, which directly correlates to the Security Operations Center (SOC) Tier II analyst, provide some descriptive analysis; who, what, when, and where but are more focused on the explanative analysis of an event; why and how. These individuals demonstrate a curiosity that is tempered with training and experience. They are capable of developing greater context to events, allowing for more in-depth analysis and leveraging this to develop patterns of behavior in a client. They will develop findings and make recommendations to tune environments as well as facilitating communication with the other members of the customer analyst team.
The shift for this position is Monday thru Friday, 2:00 P.M. - 10:00 P.M. EST.
- Monitor the SIEM for suspicious events and anomalous activity
- Triage security events for criticality
- Validate suspicious events and incidents using open-source and proprietary intelligence sources
- Document and manage incident cases in our case management system
- Notify assigned customers of security incidents Interface with customers to provide investigatory support and additional information as needed
- Triage support requests and help desk queue to maintain SLA Work a shift as needed and directed
- Keep up-to-date with information security news, techniques, and trends
- Identify and report any gaps in log collection or reporting as soon as possible to the customer and deepwatch Engineering
- Report all operational issues or problems to the shift lead
- Report any changes in customer environments to the Lead Analyst
- Contribute to the creation of analytical products
- Document new tools and techniques and disseminate them to the rest of the team
- Mentor and assist Tier I analysts with professional development
- Develop an area of specialty with the goal of becoming a subject matter expert
- Produce original content regarding new threats, techniques and information for internal and external consumption
- Incident Response and threat hunting in client environments
- Become expert with Splunk as an analyst
- Become expert with ServiceNow as an analyst
- Become expert with third-party threat intelligence tools as required
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Experience, Skills and Knowledge
- 2+ years in Cybersecurity Operations, with preference for MSSP
- Incident Management
- Splunk or a comparable SIEM
- SOAR, Ticketing Systems and Threat Intelligence platforms
- Knowledge of Operating Systems and Networks
- Experience with some or all of the following:
- Full packet capture analysis (Wireshark, Netwitness)
- Malware analysis (Static/Dynamic)
- Host forensics (Windows)
- Email Analysis
- Virtualization (VMWare, Virtualbox)
- Strong communication skills, written and verbal
Preferred Experience, Skills and Knowledge
- Degree in Information Security or Information Technology
- Scripting experience
- Industry recognized cybersecurity certifications:
- SANS, EC-Council, CompTIA, GCIA, GCIH, CEH, CySA, Net+/Sec+
This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:
- A citizen of the U.S.
- A lawful permanent resident of the United States
- A person admitted to the United States as a refugee
- A person that has been granted asylum by the United States government
The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.
For applicants in Colorado, the salary range for this role is $70,000 to $82,000 + bonus + commissions + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.
*Note: Disclosure as required by sb19-085 (8-5-20).
What We Offer:
Deepwatch is excited to provide benefits designed to support team members and their families. Including:
- Medical, dental, vision, and disability insurance
- Paid time off, holidays, and family leave
- 401(K) retirement program with employer match
- Unique professional development benefits, starting at $3,000 annually
- Learn more here: https://www.deepwatch.com/careers/#benefits
We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don't hesitate to apply - we'd love to hear from you.
Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact [email protected] for further information.
All Deepwatch employees are expected to:
- Be interested in and able to work remotely from a home office when not at a corporate office
- Pass a pre-employment background and drug screen in accordance with applicable laws
Equal Opportunity Employer
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.