Security Analyst

As a Security Analyst, you’ll be part of a team of analysts and engineers with detecting and responding to security events across the Anaplan environment. This is a key position with the Cyber Defense team, and you will be instrumental in helping mature Anaplan’s ability to handle cyber incidents effectively and efficiently.

• Monitor, analyze, and triage alerts generated by a variety of tools and services.
• Assist and/or lead investigations into security incidents, supporting the organization through the incident response lifecycle.
• Conduct log analysis across a diverse ecosystem of technology to locate the root cause of incidents.
• Work in conjunction with MSSP and/or MDR partners to investigate security events.
• Research and keep up to date on threat actors and new TTPs.
• Participate in incident retrospectives and contribute to improvements in the overall security posture of Anaplan.
• Develop, mature, and test incident response processes.
• Contribute to the ongoing development of new use cases and automation playbooks.
• Maintain on-call availability to support after-hours coverage.

• 2-5 years of experience as an incident responder or forensic analyst working within a global SOC.
• Bachelor's Degree in computer science or information technology or a related field such as engineering, security, or STEM
• Good knowledge of the kill-chain model, ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework, and modern red team tactics and techniques.
• Familiarity with one or more programming/scripting languages (e.g., Python, PowerShell).
• Foundational knowledge in software engineering and/or cloud technologies including cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.
• Understanding of various attack vectors, threat tactics, and attacker techniques ranging from APTs, Malware, DDoS, Exploits, etc.
• Familiarity with various attack and detection frameworks like MITRE, Diamond Model, etc.
• Experience working on security investigations in cloud services.
• Certifications including, but not limited to, any of the following: GCIH, GCFA, GCIA, GSEC, GIAC, Security+, etc. are a plus.
• Ability to work effectively in ambiguous situations and manage change.
• Experience working with remote, globally distributed teams.

#LI-Remote

#LI-SP1