About The Position

The Security Analyst III is a critical expert position within our Security Operations Center, serving as the second most senior member of the SOC team. This role combines expert-level incident response leadership with team mentorship, operational process improvement, and proactive threat defense capabilities. The ideal candidate brings deep security operations experience and proven incident command abilities, enabling them to lead our most complex security incidents, elevate our team's technical capabilities, and drive operational maturity. You'll work directly with the Director of Cyber Defense to strengthen our incident response resilience, optimize detection coverage, and build the foundational processes that enable our SOC to scale. Success in this role requires broad technical expertise across modern cloud and SaaS environments, strong technical leadership and mentorship abilities, self-directed operational thinking, and the capability to identify and solve problems proactively. You'll be the expert in the room that others look to for guidance during our most challenging security events. You'll pursue continuous improvement to help Playlist achieve its mission: Powering the world's fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else.

Requirements

  • 7–10+ years in security operations with proven incident commander experience leading complex, multi-team security incidents
  • Strong cloud security knowledge (AWS, Azure, or GCP) including architecture, IAM, logging, and attack patterns
  • Expert investigation skills across SIEM (Google Chronicle preferred), EDR (CrowdStrike preferred), and cloud security platforms
  • Demonstrated ability to mentor analysts and improve team technical capabilities
  • Self-directed operational mindset—identifies gaps and implements solutions without constant oversight
  • MITRE ATT&CK framework expertise and understanding of modern adversary techniques
  • Strong communication skills for directing senior analysts during incidents and explaining complex topics clearly

Nice To Haves

  • Detection engineering or SIEM rule writing experience
  • Threat hunting methodologies and frameworks
  • Threat intelligence consumption and operationalization
  • Scripting/automation (Python, PowerShell)
  • Application security fundamentals
  • GIAC (GCIA, GCIH, GCFA), CISSP, or comparable certifications

Responsibilities

  • Lead complex security incidents as incident commander from detection through resolution, providing expert-level response capabilities
  • Mentor our incident response team on advanced IC techniques, stakeholder management, driving incident closure, and conducting effective after-action reviews
  • Serve as technical escalation point for investigations requiring deep expertise in cloud security, application security, and modern adversary techniques
  • Develop team capabilities through hands-on mentorship during real incidents, teaching investigative methodologies and building technical depth in cloud, application, and detection fundamentals
  • Proactively identify and fix operational gaps without being directed—establish SOC metrics, improve processes, document workflows, and optimize our MSSP partnership
  • Improve detection coverage by conducting post-incident analysis, mapping gaps to MITRE ATT&CK, partnering with MSSP on custom rules and alert tuning
  • Conduct threat-informed activities including hypothesis-driven threat hunts, operationalizing threat intelligence, and translating threat landscape insights into detection improvements
  • Build relationships with service-owning teams to improve cross-team coordination and SOC engagement

Benefits

  • performance bonus
  • benefits
  • other applicable incentive compensation plans