Senior Security Analyst - Team Lead

SailPoint · Remote

Company: SailPoint

Location: Remote

Type: Full Time

Job Description

SailPoint is the leader in identity security for the cloud enterprise. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, ensuring workers have the right access to do their job - no more, no less.
About you:
We are seeking an experienced team lead with established technical capabilities who is willing to continue to learn, contribute and educate others. As a Senior Security Analyst (Team Lead) you will work across diverse platforms to monitor cloud and IT infrastructure and triage security events. You are someone who embraces new challenges and contributes positively to your team. The ideal person for this role will make decisions with our 4 I's in mind - Innovation, Integrity, Impact and Individuals. You can read more about those here.
About the team:
You will join a new but capable team of both emerging and established talent. You will have the opportunity to influence, mentor, and shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities.
About the role:
This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders and be directly responsible for leading and delivering a comprehensive Security Operations program. While working on active tickets, you will also oversee and mentor junior analysts. This role reports directly to the Manager of Security Operations and can be remote or based in Austin, TX.
Responsibilities:
  • Lead initiatives to increase the maturity and efficiency of Security Operations.
  • Partner closely with Architecture/Engineering and Product Development to define and communicate functional requirements and technology performance feedback to mature the Security Operations technology stack.
  • Responsible for event discovery and incident response activities as the Incident Commander; assist with efforts among multiple business units during response activities and post-mortem.
  • Mature and develop playbooks, ensuring response activities align with the incident response plan and provide comprehensive mitigation of threats.
  • Provide timely, comprehensive, and accurate information in both written and verbal communications.
  • Understand and apply the "how," "when," "where," and "why" when investigating cybersecurity incidents.
  • Monitoring - proactively monitor internal and external-facing environments using specialized security applications.
    • Proactively research security-related information and threat intelligence sources to aid in the hunting and identification of threat activity.
  • Response - provide full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitation of resolution, and event reporting.
    • Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time.
    • Communicate across the incident, problem, and change management cycles.

Requirements:
  • Due to FedRAMP requirements, US Citizenship is required to be considered for this role.
  • 6+ years of experience as a Security Analyst working in a SOC triaging and responding to alerts.
  • Be available for after hours on-call rotation and paging.
  • Have advanced knowledge of the current cybersecurity threat landscape and industry best practices.
  • Demonstrate a proven track record of effectively operating in a team setting.
  • Mentoring and assisting development of more junior analysts.
  • Possess experience and successful results in one or more of the following technologies:
    • Network Security Monitoring (Palo Alto, Fidelis, NetWitness, Cisco, Wireshark, Snort, etc.)
    • Endpoint Detection and Response (Cortex XDR, CrowdStrike, Cylance, Carbon Black, etc.)
    • SIEMs (Splunk, SumoLogic, Devo, InsightIDR, QRadar, etc.)
    • Security Orchestration, Automation, and Response (Demisto/Cortex XSOAR, Phantom, Siemplify, etc.)
    • Cloud Service Provider IaaS and PaaS (AWS, Azure or GCP)
    • Service Management & Ticketing (Jira, ServiceNow, Zendesk or similar)
    • Vulnerability Scanning (Tenable, Qualys, Nessus, Nexpose, etc.)
    • Investigation, Intel, and research tools (VirusTotal, IT-ISAC, Investigate, etc.)
  • Experience in all the following:
    • Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests.
    • Proven experience performing analysis of security events and incidents to determine root cause and provide resolution; working experience against advanced persistent threats.
    • Competence in using and implementing both internal and external ticketing systems for ITIL-based incident, problem, and change management.
    • Fundamental understanding of penetration testing, MITRE ATT&CK and attack path analysis (e.g., LM kill-chain).
    • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.

Nice to haves or things you'll learn in the role:
  • Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 6+ years of related work experience
  • Prefer 1 to 2 years of supervisory experience
  • Certification aligned to the following:
    • SANS/GIAC
    • CompTIA
    • ISACA
    • Vendor Certifications
  • Experience with compliance and regulatory frameworks such as FedRAMP, ISO27001, SOC2, SOX, GDPR

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Date Posted

09/01/2023
