Junior Security Analyst

Posted Yesterday
Hiring Remotely in México
Remote or Hybrid
Entry level
Artificial Intelligence • Cloud • Sales • Security • Software • Cybersecurity • Data Privacy
The Role
The Junior Security Analyst will support the SOC team in monitoring security events, responding to incidents, and learning foundational cybersecurity concepts while enhancing threat intelligence processes.
Summary Generated by Built In

SailPoint’s Cybersecurity organization is seeking a Junior Security Analyst with a passion for cybersecurity and protecting the organization.

This is an entry-level role supporting the SOC team in monitoring, analyzing, and responding to security events and events of interest. The role focuses on learning foundational cybersecurity concepts, assisting with basic event analysis, and gaining exposure to purple teaming and threat intelligence processes. Applicants should embrace the opportunity to work across diverse platforms with a variety of tools and will play a key role as we continually improve our capabilities.

The ideal candidate will embody SailPoint's 4 I’s of Integrity, Individuals, Impact, and Innovation. They will embrace new challenges and contribute positively to our established team of talented and dedicated teammates to achieve our security objectives.

This role reports directly to the Americas SOC Manager, can be remote anywhere in Mexico, and will be working a mid-day shift with hours from 1:00 PM-10:00 PM CDT.

Responsibilities:

  • Monitor security events using Security Information and Event Management (SIEM) systems and endpoint detection/response (EDR) tools.

  • Perform initial triage of events and events of interest under supervision, escalating potential incidents to senior team members as needed.

  • Assist in documenting events and maintaining response playbooks for events of interest and potential incidents.

  • Support proactive threat monitoring by reviewing logs and alerts for suspicious activity.

  • Participate in foundational purple team exercises, such as observing tabletop simulations or blue/red team collaborations, to understand detection and response gaps.

  • Assist in collecting and organizing threat intelligence data (e.g., indicators of compromise [IOCs]) from open-source feeds or internal reports.

  • Conduct basic risk enumeration tasks, such as identifying vulnerabilities using provided scanning tools.

  • Engage in training to learn threat hunting basics and threat intelligence fundamentals.

  • Leverage provided resources to continuously increase your knowledge of tools and best practices in forensics and incident response, and your understanding of advanced persistent threats, including the tools, techniques, and procedures of attackers.

Requirements: 

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

  • 0–2 years of experience in cybersecurity or IT.

  • Basic understanding of networking, operating systems (Windows/Linux), and security principles.

  • Familiarity with SIEM tools (e.g., Splunk, QRadar) and EDR platforms.

  • Interest in purple teaming concepts and threat intelligence processes.

  • Strong analytical skills and eagerness to learn.

  • Relevant certifications (e.g., CompTIA Security+, CySA+) are preferred but not required.     

Desired:

  • Ability to quickly pick up and learn new technologies

  • Able to collaborate with cross-functional teams

  • A willingness to be challenged and a strong desire to learn

  • Written and spoken English proficiency and communication skills

  • A foundational understanding of applications, networks, cloud architecture, and coding concepts

The Path to Success (Milestones):

  • 30-Day Milestones (The "Learning" Phase):

    • Build familiarity with the primary security tools (SOAR, SIEM, EDR), demonstrating the ability to log in and navigate the systems.

    • Understand how to locate and open security events and where key information resides.

    • Begin shadowing senior team members to understand the basics of the triage process.

  • 60-Day Milestones (The "Connecting" Phase):

    • Begin to independently identify the appropriate next steps in an investigation based on the event type (e.g., knowing to look at a process tree in EDR for a malware event).

    • Show proficiency in navigating to the correct information within the security stack without direct guidance.

    • Start performing basic triage on low-level events with supervision.

  • 90-Day Milestones (The "Contribution" Phase):

    • Articulate the "what" and "why" of investigation steps for basic security events.

    • Demonstrate a foundational understanding of the environment and triage common alerts by following established playbooks.

  • 6-Month Milestones (The "Performance" Phase):

    • Triage events independently, following established documentation and processes.

    • Demonstrate comfort in performing all subtasks required for an investigation and know when it is appropriate to escalate.

    • Actively incorporate feedback from the QA process to improve investigation quality.

  • 1-Year Milestones (The "Mastery" Phase):

    • Triage events consistently and confidently, with investigation quality in line with team standards.

    • Require minimal feedback for common event types.

    • Start identifying potential areas for rule tuning, security control and process improvements.

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.  

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations.  NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

Top Skills

Endpoint Detection/Response (EDR) Tools
Networking
Operating Systems (Windows/Linux)
Security Information and Event Management (SIEM)

The Company
HQ: Austin, TX
2,461 Employees
Year Founded: 2005

What We Do

At SailPoint, we believe enterprise security must start with identity at the foundation. Today’s enterprise runs on a diverse workforce of not just human but also digital identities—and securing them all is critical. Through the lens of identity, SailPoint empowers organizations to seamlessly manage and secure access to applications and data at speed and scale. Our unified, intelligent, and extensible platform delivers identity-first security, helping enterprises defend against dynamic threats while driving productivity and transformation. Trusted by many of the world’s most complex organizations, SailPoint secures the modern enterprise.

Why Work With Us

Together, we’re redefining identity’s place in the security ecosystem. We love taking on new challenges that seem daunting to others. We hold ourselves to the highest standards and deliver upon our promises to our customers. We bring out the best in each other, and we’re having a lot of fun doing it.


SailPoint Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQ: Austin, TX
Amsterdam, NL
Coyoacán, Ciudad de México
London, GB
Pune, Maharashtra
Toronto, Ontario