Description:
Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defense technologies. As a SecOps Analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. As a Senior SecOps Analyst, you will serve as an incident commander alongside other senior analysts. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalization operations across the organization to understand user behavior and identify anomalies.
What You'll Do
- Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
- Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles
- As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
- Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
- Organize and conduct threat hunting and data baselines to identify anomalous patterns in data
- Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders. As a Senior SecOps Analyst, you will serve as an incident commander as necessary.
- Proactively collaborate with a wide range of stakeholders, guiding detection and response maturity of key worlds, leading incidents and large-scale data baselines, and being responsible with mentoring and guiding junior analysts.
Required Qualifications
- Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
- Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
- Must have experience with one or more SIEM languages (SPL, KQL, SQL)
- Experience conducting analysis in a data lake environment
- Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
- Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
- Strong communication skills and experience collaborating with internal and external stakeholders
- Must be able to obtain and hold a U.S. Top Secret security clearance
Preferred Qualifications
- Experience conducting incident response in the Cloud (AWS, Azure, GCP)
- Digital Forensics and/or reverse engineering experience is a plus!
US Salary Range
$166,000—$220,000 USD