Job Description:
• Detect, assess and respond to alerts and incidents
• Perform rapid triage to determine severity, validity, and urgency of alerts
• Follow SOC playbooks and SOPs to ensure consistent triage and decision-making
• Create custom detections aligned to the MITRE ATT&CK Framework
• Review and audit available logging to determine potential gaps in detection capabilities
• Review threat intel reports and feeds, and make recommendations for profile or toolset changes based on those reviews
• Hunt for new threats and perform data analytics to surface activity not previously seen within the environment
• Perform in-depth investigations on Windows, Linux, and macOS hosts
• Write stories for engineers to improve our SOAR environment
• Support the improvement of SOC processes through feedback and operation observations
• Act as a mentor and escalation point for SOC engineers
• Tune security tool configuration to minimize false positives
• Collaborate with security leadership, engineering, and compliance to execute security strategies
• Assess our current cloud security and propose improvements or solutions
• Serve as a subject matter expert for security tools, applications, and processes
Requirements:
• 5+ years of experience working in an information technology discipline
• 4+ years of security operations experience
• Deep technical understanding of modern Cybersecurity threats
• Ability to quickly learn new cybersecurity concepts
• Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework
• Proficient in programming with at least one modern language such as Python, PowerShell, C#, Ruby, Java, Rust, Go
• Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
• Basic understanding of compliance and regulatory requirements such as SOX and PCI
• Ability to balance multiple priorities and meet deadlines
• Excellent problem-solving abilities
• Passionate about cybersecurity and self-driven to become an expert
Preferred Qualifications:
• Proficiency in two or more of the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
• Proficiency in two or more of the following pillars: Phishing, DLP, Compliance, Networking, Forensics, Big Data, Threat Intel, Operating Systems, Reverse Engineering
• Contributes back to the cybersecurity community through teaching or code
• Certifications such as CISSP, SSCP, GCIH or others focused on cybersecurity
Benefits:
• medical, dental, vision, basic and supplemental life insurance
• short-term and long-term disability
• paid parental leave
• family expansion reimbursement
• paid vacation from date of hire*
• sick time (accrued at 1 hour for every 25 hours worked)
• eight paid holidays
• two personal days per year
• 401(k) retirement plan with employer match
• discounted company stock program (S.I.P.)
• Starbucks equity program (Bean Stock)
• incentivized emergency savings
• financial well-being tools
• 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan
• student loan management resources
• access to other educational opportunities
• backup care
• DACA reimbursement
• compliance with state and local laws regarding employee leave benefits