Product Security Analyst III | SOC

Position Summary

By joining ExtraHop as a Product Security Analyst, you’ll directly contribute to strengthening the security posture and ensuring the secure operation of ExtraHop’s market-leading cyber security products. This is an opportunity to collaborate with top-tier professionals, to learn and innovate, and grow your skills in cyber, cloud and product security.

 

You will play a key role in defining and running security operations, including security monitoring, incident response and vulnerability mitigation. Collaborating across teams and supporting ExtraHop’s production cloud service offering, your work will have a direct impact on the success of the company and your fellow colleagues.

 

We are looking for candidates with prior cyber security operations and incident response experience and who have a good foundational understanding of web applications, public cloud infrastructure, Linux systems, and container technologies. 

Key Responsibilities

• Work with security information & event management (SIEM), endpoint detection & response (EDR), network detection & response (NDR) tooling and other systems to perform security investigations

• Operate and improve SIEM, EDR, NDR and others tools; implement, evaluate and tune detection rules

• Implement tools and scripts to automate monitoring and response activities

• Perform and/or lead security incident response activities

• Perform threat hunting activities to proactively assess system activity and search for indicators of compromise

• Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections

• Contribute to vulnerability detection and response pipelines, including tools, reporting and tracking 

• Triage vulnerabilities; recommend and coordinate remediation actions 

• Collaborate with Product Security team members to contribute to standards, policies, procedures, documentation, and training 

• Other duties as assigned

Required Qualifications

• 4+ years of experience in cyber security or closely related roles

• 2+ years of which should be hands-on experience specifically fulfilling security monitoring, threat hunting and incident response duties

• Bachelors degree or equivalent experience in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field

• Direct experience with a modern SIEM platform, including creating dashboards and searches, tuning detections, and responding to alerts

• Direct experience with server endpoint detection & response (EDR)

• Technical knowledge of Linux systems, web application security and cloud security, including security principles and best practices for cloud-based environments

• Proficient with security tools, including vulnerability scanners, ticketing systems

• Strong analytical skills to effectively manage and resolve security issues

• Proven ability to communicate complex security concepts

• Must be a U.S. citizen or 

• Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each

Preferred Qualifications

• Direct experience with Splunk Enterprise Security, Crowdstrike Falcon, and ExtraHop RevealX NDR

• Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), and common compute services and data stores

• Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)

• Holds one or more security certifications

The base salary for this position rages from 130,000 - 160,000 plus bonus + benefits