Sr Business Process Analyst (Sandy, UT)

About The Position

Requirements

• minimum of 5 years of related experience with a Bachelor’s degree in Computer Science or technical discipline; or 3-4 years and a Master’s degree; or equivalent work experience.
• Significant experience in a security operations, threat analysis, or intelligence role — you have seen real threats in real environments
• Strong understanding of network protocols, traffic analysis, and adversary behaviour
• Experience with SIEM, IDS/IPS, and security monitoring platforms — Splunk, Elastic, or equivalent
• Ability to triage and score vulnerabilities with contextual judgment, not just CVSS lookup
• Clear, precise written communication — incident reports, customer responses, and executive summaries all need to land with different audiences
• Sound independent judgment — you can prioritise without being told what matters most
• Calm under pressure — you have worked in environments where the pace is high and the stakes are real
• Collaborative by default — this role succeeds by making the whole security team more effective

Nice To Haves

• Familiarity with CVE/NVD processes, responsible disclosure, and vulnerability lifecycle management
• Security research and presentation
• Exposure to compliance frameworks — SOC2, ISO 27001, NIST
• Scripting capability for log analysis or workflow automation (Python, Bash)
• Experience communicating security findings or posture to senior non-technical stakeholders
• Prior involvement in customer-facing security discussions, audits, or RFP responses
• Relevant certifications: CISSP, GCIA, GREM, Security+, or equivalent

Responsibilities

• Lead first-response investigation on security incidents: reconstruct what happened, identify scope, contain where possible, and produce clear summaries for leadership and affected stakeholders
• Triage and score incoming CVEs using CVSS and contextual risk assessment — ensuring nothing ages past SLA without a documented decision
• Maintain the vulnerability tracking backlog in Jira — clear ownership, accurate status, SLA compliance
• Respond to customer security questionnaires, RFP security sections, and audit evidence requests — accurately and on time
• Develop and maintain a library of standard security responses and supporting evidence for common customer questions
• Support pre-sales security conversations alongside the Security Engineering Manager
• Produce regular security metrics and status reporting for engineering leadership
• Maintain internal security knowledge base, runbooks, and process documentation
• Support compliance evidence collection for SOC2, ISO 27001, and related frameworks

Benefits

• short-term incentive program
• new hire stock award
• paid parental leave
• open (uncapped) PTO
• hybrid work environment
• competitive medical, health & wellbeing and compensation offerings