Senior Security Operations Analyst
Smarsh empowers organizations to manage risk and unlock intelligence within their digital communications. Trusted by over 6500 organizations globally, Smarsh helps regulated industries identify compliance, legal, and reputational risks across 80+ communication channels. Our relentless innovation has earned industry leadership recognition, driving sustained growth and consistent inclusion on the Inc. 5000 list.
About the Team
The Senior Security Operations Analyst is an expert-level position within the Security Operations Center (SOC), tasked with managing the most complex and critical security incidents. This role involves advanced threat analysis, incident response, and proactive threat hunting, while also contributing to the strategic enhancement of the organization's overall security posture.
Roles and Responsibilities
- Threat Research: Conduct research on new Advanced Persistent Threats (APTs) and identify new Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
- Incident Triage & Remediation: Manage end-to-end security incident triage, providing contextual information to respective teams for remediation.
- Platform Optimization: Recommend fine-tuning and configuration changes to security platforms to improve detection accuracy and reduce false positives.
- Tool Integration: Develop and integrate playbooks and custom parsers for SOC tools.
- Incident Response: Develop and maintain incident response playbooks for continuous service improvements.
- Reporting & Analysis: Analyze monthly security reports from platforms and vendors to identify trends and vulnerabilities.
- Forensics & Malware Analysis: Conduct computer and network forensic investigations and malware analysis to determine the target and scope of incidents.
- Global Coordination: Coordinate efforts with globally dispersed teams.
- Documentation & Architecture: Document technology choices, best practices, and processes. Contribute to architectural discussions and plans.
- CI/CD Integration: Collaborate with engineers and development teams to integrate security practices into the CI/CD pipeline and automate security processes.
- Shift & On-Call: Participate in a 24x5 rotational shift (Hybrid) and on-call rotation during weekends.
- Audits & Compliance: Serve as a subject matter expert for security audits and compliance assessments, ensuring adherence to industry regulations (e.g., GDPR, HIPAA, SOC, ISO) and internal security requirements.
- Training & Documentation: Lead the creation of comprehensive security documentation and training materials for both technical and non-technical audiences.
- Attack Simulation: Lead collaborations with developers and engineers to simulate realistic cyber-attack scenarios to identify vulnerabilities.
- Third-Party Oversight: Provide oversight of third-party Security Operations Centers (SOCs) and perform second-level incident investigation and triage.
- Mentorship: Mentor and guide junior security engineers, fostering their technical growth and professional development.
- Process Improvement: Lead the creation of documentation and training materials for Security Operations.
Education & Experience
- Professional degree or equivalent education in Computer Science from a reputable college with a consistent academic record.
- 8+ years of experience in cybersecurity, with significant time spent in security operations.
- Expert knowledge of advanced cyber and cloud threats, attack methodologies, and countermeasures.
- Proficiency in SIEM, XDR, IDS/IPS, CSPM, forensic tools, and threat intelligence platforms.
- Hands-on experience with security systems, including EDR, firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content filtering.
- Strong expertise in incident response, threat hunting, and malware analysis.
- Ability to discuss and articulate security frameworks (MITRE, NIST), technologies, and best practices.
- Proven experience with SIEM, EDR, IDS/IPS, network forensic tools, and external exposure management tools.
- Experience in handling security events, incidents, breaches, and zero-day exploits.
- Demonstrated good judgment in managing workload and communicating project risks.
- In-depth understanding of cybersecurity and cloud principles, practices, and methodologies.
- Familiarity with common cyber threats, attack vectors, and vulnerabilities.
- Experience securing cloud environments (AWS, Azure, Google Cloud).
- Proficiency with incident response procedures, documentation, and best practices.
- Knowledge of cryptographic protocols and key management.
- Proficiency in LLM and security orchestration tooling, and in scripting languages (e.g., Python, PowerShell), to automate security tasks.
- Dedication to staying updated with the latest security trends, tools, and techniques.
- Proficiency in creating clear and comprehensive security documentation, reports, and procedures.
- Familiarity with relevant regulations (GDPR, HIPAA, etc.) and industry standards (ISO 27001, NIST).
- Excellent verbal and written English skills for collaboration and conveying security concepts.
- Experience with common security tools (e.g., Burp/ZAP, Nessus, Kali Linux).
- Experience with Threat Modeling and Vulnerability Management Tools.
- Security certifications such as GCIH, GCIA, CASP, or GCFA are highly desirable.
About our culture
Smarsh fosters a culture of lifelong learning, innovation with purpose, humility, and humor. Collaboration is central to our work, as we partner with leading communication platforms and cloud infrastructure providers. We leverage AI/ML to drive breakthroughs at scale. As a global organization, we value diversity and believe in creating an inclusive environment where everyone can be their authentic self. Our leadership and culture have been recognized with Comparably.com Best Places to Work Awards.