Deepwatch · 3 days ago
Security Analyst II
Cloud Security, Cyber Security
Responsibilities
Monitor the SIEM for suspicious events and anomalous activity
Triage security events for criticality & do in-depth analysis on incidents to maintain SLA
Validate suspicious events and incidents using open-source and proprietary intelligence sources
Effectively document and manage incident cases in our case management system
Notify assigned customers of security incidents and interface with customers to provide investigatory support and additional information as needed
Handle escalations from Tier 1
Keep up-to-date with information security news, techniques, and trends
Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
Report all operational issues or problems to the Shift Lead
Report any changes in customer environments to the Lead Analyst
Document new tools and techniques and disseminate them to the rest of the team including playbook creation
Mentor and assist Tier I analysts with professional development
Attend meetings and have value added conversations with customers
Develop an area of specialty with the goal of becoming a subject matter expert
Qualification
Required
Demonstrate experience managing security incidents and handling escalations from Tier 1
Possess experience with SOAR, Ticketing Systems and Threat Intelligence platforms
Analyze & triage alerts through a mix of ticket resolution, forensic event research and ad-hoc projects
Investigate the type of attack and the data or systems impacted
Monitor SIEM (Splunk preferred). Within Splunk, should be at or above a power user level - should be able to read and understand SPL
Review SIEM alerts to see their relevance and severity
Make determinations on when to escalate to Tier 3
Mentor and assist Tier I analysts to help prioritize events
Oversee & configure security monitoring tools
Have experience with malware analysis, both static & dynamic, be able to review a hash in VirusTotal and look in the EDR console to identify what the malware is doing
Be proficient with ports & protocols
Correlate cross-functional log sources
Have log analysis experience, including in-depth header analysis and review of Linux/macOS/Windows logs
Be responsible for ticket hygiene & documentation
Be comfortable communicating with customers in meetings
Identify & report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
Advanced email analysis
Demonstrate ability to monitor alerting through multiple cloud environments
Document new tools and techniques and disseminate them to the rest of the team (playbook creation)
Conduct full packet capture analysis & host forensics (Windows)
Communicate effectively to Team Leads, Managers & Customers as needed
Have a Degree in Information Security or Information Technology or equivalent experience
Possess scripting experience - python or regex preferred
Cybersecurity certifications are a plus: SANS, EC-Council, CompTIA, GCIA, GCIH, CEH, CySA, Net+/Sec+
Benefits
Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits, starting at $3,000 annually
Wellness contests and monthly educational programs
401(K) retirement program with employer match
Company
Deepwatch
Deepwatch secures the digital economy by protecting enterprise networks via its cloud security platform.
Funding
Current Stage: Growth Stage
Total Funding: $256M
Key Investors: Goldman Sachs, ABS Capital Partners
2023-02-15 Series C · $180M
2020-10-12 Series B · $53M
2019-04-03 Series A · $23M
Company data provided by crunchbase