Senior Incident Response Analyst

Elastic

11h

About The Position

As a Senior Incident Response Analyst at Elastic, you are one of the front-line defenders for ensuring we are delivering safe and secure products and services to our customers, users, and fellow Elasticians. You will be responsible for reviewing and responding to alerts across a wide variety of sources that include multiple cloud providers, CI/CD environments, SaaS services, user workstations, and much more. Elastic is distributed globally by design, and we model our response practice around that same concept; enabling domain experts to respond with oversight from the Incident Response team and relying on you to provide oversight and guidance to these experts. You’ll also dive in and provide support in identifying what happened, who did it, when, and where to ensure we’ve accurately secured our environment during and after security events. If doing all of this with the Elastic Stack excites you, then we’d love to talk with you!

Requirements

At least 3 years of experience related to security operations / incident response in a complex, global environment. SaaS and cloud experience is a plus.
Demonstrated ability to solve complex IT and security problems through log and system analysis (Incident Response, SRE, System Administration). If you’ve done this with the help of the Elastic Stack, even better!
Demonstrated ability to think innovatively about solving critical security problems; Experience or a desire to optimize processes via AI/ML would be a plus.
Experience coordinating response activities to resolve IT and security-related problems with the right people in a timely manner.
Strong communication skills, with the ability to make sound decisions with limited information, and embrace challenging the status quo.
Are eligible to work in DoD Impact Level 4 or above cloud service environments

Responsibilities

Review and respond to alerts generated from our Elastic Detection Engine and other monitoring sources
Provide feedback to the Threat Detection team to improve the quality of detections by identifying false positives, enrichment opportunities, and automated response possibilities
Conduct analysis on SIEM and/or endpoint logs during complex investigations
Develop and document innovative approaches to detect, respond to, and eradicate advanced threats and improve overall time to respond
Identify additional integration points that would aid in event enrichment and enable automated response activities
Leverage the Threat Intelligence team to gather additional context for security events
Identify the root cause of events and collaborate with teams to remediate any identified control gaps or failures
Oversee and coordinate response activities that span multiple teams and products to ensure comprehensive remediation and sufficient mitigation of any identified gaps in security posture

Benefits

Competitive pay based on the work you do here and not your previous salary
Health coverage for you and your family in many locations
Ability to craft your calendar with flexible locations and schedules for many roles
Generous number of vacation days each year
Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
Up to 40 hours each year to use toward volunteer projects you love
Embracing parenthood with minimum of 16 weeks of parental leave

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume