POS-20111
Senior Security Analyst (Detection Engineering & Automation)
In the Senior Security Analyst (Detection Engineering & Automation) role, you will help strengthen and augment our detection engineering program. You will build use cases and write detection logic on a variety of security platforms to detect malicious activity in various attack stages. You will build attack simulation scenarios, reproduce attack scenarios, and test the effectiveness of new detection logic. You will also partner with engineering teams to develop technology that enables this work. You will closely collaborate with incident response teams to improve the reliability and quality of alerts. Your technical skills, collaboration, and teamwork will help to ensure that our detection systems work well to secure HubSpot and its customers.
If you want to solve interesting challenges in the threat detection arena and solve unique, complex security challenges, this is the role you want to be in. You will take on an important role in the threat detection engineering program, helping to deliver necessary research and features to achieve our team’s goals.
In This Role You’ll:
* Build a threat detection engineering program (full lifecycle)
* Build attack simulation scenarios, detection use cases & test their effectiveness
* Leverage an automation-first mindset to work smarter and more efficiently
* Help respond when needed to critical security incidents
* Consult stakeholders on security-related subjects, ranging from general OpSec to infrastructure architecture
Key Attributes:
* Experience building / maturing a detection engineering program
* Hands-on security operations experience working within a modern zero trust oriented cloud / SaaS-heavy environment
* Strong understanding of incident response best practices with practical experience responding to moderate to complex security incidents
* Experience identifying / building new detection use cases
* Ability to collect / analyze large sets of structured / unstructured data from disparate sources
* Solid experience using SIEM tools (Splunk) for security investigations
* Experience using various security tools (EDR, web proxy, IDaaS, etc.) to assist with an investigation
* Strong networking and systems knowledge with a good understanding of macOS and Windows internals
* Experience working collaboratively to define and implement security policies, procedures, and controls
* Experience providing internal security consultancy / advice to other teams within the company
* Experience writing code (Python/Java) to solve problems, facilitate easier data analysis, and to automate security tasks
* Acutely aware of industry security trends, advisories, news, and general research
Ideal Candidate (5+ years security experience):
* Deep knowledge of macOS and Windows internals and practical experience applying it to secure such systems
* Experience in detection engineering processes / behaviors
* Experience monitoring / securing AWS, GCP, or Azure cloud environments
* Knowledge of containerization software (Docker, Kubernetes, OpenStack) and how to secure it
* Experience using tools like Splunk & Snowflake
* Experience using automation tools like Tines & Splunk SOAR
* Experience conducting data analysis using tools such as R, Tableau, PowerBI, Jupyter Notebook