Reports to:
Head of Security EngineeringBullish is seeking a Senior Security Operations Analyst to join our global security operations and incident response team. In this highly critical role, you will be responsible for monitoring and analyzing security incidents, responding to threats in real-time, and ensuring the integrity of our systems and platforms. Your expertise will help identify vulnerabilities and enhance our security posture through proactive measures and collaboration with cross-functional teams. This position requires a keen analytical mindset, a strong understanding of security technologies, and the ability to thrive in a fast-paced environment.
Responsibilities
Manage day to day activities of Bullish Global Security Operations Center (SOC) ensuring Service Level Objectives are met.
Continuously monitor security alerts and incidents using SIEM tools and other security technologies.
Create detection use cases in the SIEM, analyze security event data for proactive threat hunting, and conduct research on the latest threats and vulnerabilities to enhance incident response readiness and capabilities.
Respond to security incidents, performing initial analysis and escalation as necessary.
Participate in incident response planning and execution, ensuring timely containment and remediation of security breaches.
Research and analyze emerging threats and vulnerabilities to adapt security measures accordingly.
Document security incidents, identify gaps from incidents and recommend improvements, develop and maintain incident response plans and SOPs.
Prepare detailed reports for stakeholders on security incidents and trends.
Work closely with cross functional technical teams to ensure the security of systems and data.
Participating in the on-call rotation for after-hours coverage, which include responding to security incidents, performing containment and forensic investigations. Shift work may be required.
Qualifications
BS/BA degree in Cyber Security/Computer Science or equivalent combination of related work experience desired.
CISSP, CISM, GCIA, GCIH, GCFE, GCFA, GREM, and/or similar certifications are preferred.
5+ years of verifiable experience in Cyber Security (at least 3 years in Security Operations and Incident Response.)
Experience in performing analysis with SIEM technologies such as Splunk and/or Google SecOps (Chronicle).
Experience in performing proactive and reactive threat hunting using MITRE ATT&CK or similar frameworks.
In-depth understanding and working knowledge of security appliances/tools such as host-based and network-based IDS/IPS, WAF, EDR, etc.
Very strong understanding of networking protocols, operating systems and cyber security concepts and technologies.
Experience in forensic tools and malware analysis is a plus.
Experience with Cloud environments such as AWS/GCP/Azure is a plus.
Ability to work across different regions in a process/procedure driven organization.
Excellent verbal and written communication and presentation skills.
Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.