SOC Analyst II at DigitalOcean
Headquartered in New York but based around the world, DigitalOcean is a dynamic, high-growth technology company that serves a robust and passionate community of developers around the world. Our mission is to simplify cloud computing for every developer. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most. We want people who are passionate about making the internet a safer place for everyone.
We’re looking for inspired and motivated technical contributors to join the DigitalOcean team as a Security Operations Analyst. In this role, you will be a key member of DigitalOcean’s security team, reporting to the Manager of Security Abuse Operations. You will improve the security posture of DigitalOcean both reactively and proactively, as well as handling incidents and making the internet a safer place. Security Operations Analysts must excel at identifying vulnerabilities, building tactical and strategic mitigation plans, and eliminating bad actors inside the DigitalOcean platform.
What You’ll Be Doing:
- Analyzing network traffic to identify compromised systems, negate denial of service attacks, and pinpoint resource abuse.
- Investigate, identify and prevent or mitigate abusive activities such as intrusion attempts, DDoS attacks, malware distribution networks, phishing attacks, etc. originating from DigitalOcean.
- Handling live intrusions and incident response cases, in a customer-facing and transparent manner, to minimize the impact of bad actors on the internet.
- Proactively hunting for threats, red teaming activities, and working with penetration testers performing exploit and vulnerability research, all in order to find and close gaps exploited by bad actors.
- Establish creative approaches to complex information security issues.
- Locating trends in abuse vectors, communicating with leadership to apprise of extent, and advocating for appropriate product changes to prevent future occurrences.
- Vetting abuse claims, responding to reporters, and helping customers focus on their company’s mission with DigitalOcean.
- Work within a customer-facing ticket queue management system with specific service level objectives for quality resolutions to technical abuse cases.
- Triaging corporate Security Information and Event Management (SIEM) based alerts with investigative security analysis tactics for remediation.
- Helping customers utilize DigitalOcean's products to the best of their ability by quickly removing technical Abuse bottlenecks to keep their infrastructure safe.
- Building strong relationships with internal technical teams across our engineering and infrastructure functions.
- Engineering approaches to harvest security data, converting that data into actionable intelligence, and collaborating with the technical teams to take action with that intelligence.
- Establishing an understanding of DigitalOcean’s entire production environment, from applications to infrastructure, keeping up-to-date with material changes and future directions.
- Coaching and mentoring other skilled security practitioners across application, information, and infrastructure security.
- A high degree of curiosity and aptitude, with a clear passion around security as a lifestyle.
- Significant experience handling Incident Response in relation to live intrusions.
- Significant experience in one or more of the following fields:
  - Security Monitoring
  - Proactive Threat Hunting
  - Threat Intelligence Collection / Threat Investigation / Dissemination
  - Network Security
  - Incident Response
  - Security Operations
- Ability to Diagnose, Troubleshoot, and Resolve Infrastructure Security Problems
- Understanding of hardware, software, and networking; distributed computing; virtualization; high-performance storage systems; databases; and cloud computing
- Understanding of fundamental TCP/IP concepts, application protocols and knowledge of database structures and working with Unix/Linux.
- Intellectual Curiosity and Self-Motivation to perform complex tasks
- Clear written and verbal communication skills, including technical writing, presenting, coaching, and mentoring
- Ability to provide and receive clear, direct, and honest feedback for continuous improvement
- A forward-looking perspective on security engineering, tackling each problem with a degree of creativity that uses previous internal/external approaches as a data point, not a rulebook.
- The ability to remain optimistic and passionate about overcoming security obstacles at scale in both reactive and proactive situations.
- Consistently improving security as the platform scales, driving continuous improvement through data collection and correlation, being mindful that security should be an efficiency enabler for the business - not a detractor.
- Ability to code, script, or automate classes of problems rather than handling them manually (Python, Bash, Go, Ruby)
- Experienced with Trust and Safety fundamentals.
- We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging ourselves to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship, LinkedIn Learning tracks, and other internal programs. We also provide all employees with reimbursement for relevant conferences, training, and education.
- We care about your physical, financial and mental well-being. We offer competitive health, dental, and vision benefits for employees and their dependents, a monthly gym stipend to support your physical health, and a commute or internet allowance to make your trips to your office or your desk easier. We offer generous parental leave with transition time built-in upon return to work. We offer competitive compensation and a 401k plan with up to a 4% employer match.
- We support our remote employee experience. While we have great office spaces in NYC and Cambridge, we’re very distributed—we use a number of communication tools to connect across the company—and all remote employees have the opportunity to visit our offices and meet their teams face-to-face at team offsites. We also have an annual company offsite, Shark Week, to get quality in-person time with the entire company at least once a year. We also allow employees to outfit their workstations to meet their needs—whether remote or in office.
- We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Department: Security #LI-Remote