[Remote] Product Security Analyst III
Note: The job is a remote job and is open to candidates in USA. ExtraHop is on a mission to protect and empower the connected enterprise, ensuring the integrity of networks, data, systems, and processes. As a Product Security Analyst, you will strengthen the security posture of ExtraHop’s cyber security products, collaborating across teams to define and run security operations and incident response.
Responsibilities
- Work with security information & event management (SIEM), endpoint detection & response (EDR), network detection & response (NDR) tooling and other systems to perform security investigations
- Operate and improve SIEM, EDR, NDR and other tools; implement, evaluate and tune detection rules
- Implement tools and scripts to automate monitoring and response activities
- Perform and/or lead security incident response activities
- Perform threat hunting activities to proactively assess system activity and search for indicators of compromise
- Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
- Contribute to vulnerability detection and response pipelines, including tools, reporting and tracking
- Triage vulnerabilities; recommend and coordinate remediation actions
- Collaborate with Product Security team members to contribute to standards, policies, procedures, documentation, and training
- Other duties as assigned
Skills
- 4+ years of experience in cyber security or closely related roles
- 2+ years of which should be hands-on experience specifically fulfilling security monitoring, threat hunting and incident response duties
- Bachelor's degree or equivalent experience in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field
- Direct experience with a modern SIEM platform, including creating dashboards and searches, tuning detections, and responding to alerts
- Direct experience with server endpoint detection & response (EDR)
- Technical knowledge of Linux systems, web application security and cloud security, including security principles and best practices for cloud-based environments
- Proficient with security tools, including vulnerability scanners and ticketing systems
- Proficient with developing and refining Python code to integrate systems and automate response tasks
- Strong analytical skills to effectively manage and resolve security issues
- Proven ability to communicate complex security concepts
- Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
- Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each
- Direct experience with Splunk Enterprise Security, CrowdStrike Falcon, and ExtraHop RevealX NDR
- Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), and common compute services and data stores
- Experience working with container-based environments (Kubernetes, Docker, etc.)
- Holds one or more security certifications
Benefits
- Health, Dental, and Vision Benefits
- Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
- Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
- FSA and Dependent Care Accounts + EAP, where applicable
- Educational Reimbursement
- 401k with Employer Match or Pension where applicable
- Pet Insurance (US Only)
- Parental Leave (US Only)
- Hybrid and Remote Work Model
Company Overview