About the Opportunity

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven Senior Security Analyst with experience performing analysis and incident management of information security events, as well as experience contributing directly to the growth of and design of a security program. As a Senior Security Analyst, you will have daily alert investigation and incident response responsibilities, but you will be empowered to proactively drive change to shape and support the growth of our Security program.

Candidates should have experience triaging new and unfamiliar alerts, leading technical workstreams in incidents, or leading all aspects of medium scale incidents. They should have experience creating and maintaining high quality threat detection and demonstrate knowledge and understanding of common Information Security principles and frameworks, coupled with excellent communications skills and a continuous desire to learn and grow.

You will be expected to work independently, work as a part of a global dispersed team, and partner with stakeholders throughout the organization to ensure comprehensive risk mitigation while reducing impact to end users throughout the organization.

What to expect? 

• Perform daily alert investigation and response in a hybrid environment.
• Conduct detail-oriented analysis across challenging and complex ecosystems.
• Communicate investigation and threat updates to technical and non technical senior leaders.
• Work collaboratively across internal functions to identify, respond, and remediate security issues.
• Investigate and lead incidents of medium size and complexity.
• Investigate vulnerability exploitation and support remediation inline with vulnerability programs.
• Collaborate with the team and actively assist in major response exercises.
• Drive continuous improvement across all aspects of threat detection and response.
• Create processes, documentation, and runbooks to support a rapidly growing team.
• Identify systemic issues and collaborate on approaches to address root causes.
• Collaborate on threat models by incorporating detection use cases into designs.
• Identify and lead efforts to improve efficiency, response, detection, and preventative measures.
• Design and build detection logic across multiple platforms (e.g., SIEM, EDR, etc.)
• Play an active role in scaling Operation practices by contributing to team roadmaps.
• Provide delightful and informative interactions with all end users.
• Proactively identify opportunities for user training and awareness programs.
• Provide insights and input on tool selection to help grow our cybersecurity portfolio.

What you need to be successful

• 5+ years of Security Operations experience, including alert triage and investigation
• 2+ detection and tuning experience, inclusive of Security Operations experience
• 2+ years of Security Incident Response experience
• Ability to support on call and occasional off-hours incident response efforts
• Proficiency in analysis fundamentals (e.g., log analysis, live response, forensics, etc.)
• Mastery of investigation methods and adept at handling new and unfamiliar cases.
• Firm understanding of attacker Tactics, Techniques, and Procedures
• Proficiency in attacker techniques in cloud-native and traditional environments.
• Strong technology fundamentals (e.g., OSI Model, TCP/IP, Layer 7 protocols , etc.)
• Ability to perform detailed host analysis on Mac, Windows, & Linux systems.
• Hands-on experience using security technologies (e.g., SIEM, EDR, AntiVirus, etc.)
• Hands-on experience with malware analysis using dynamic and static analysis tools.
• Expertise in AWS audit and security services to investigate cloud centric threats
• Proficiency investigating incidents across SaaS platforms and identity systems
• Experience performing investigations in cloud service providers (e.g., AWS, GCP, Azure, etc.)
• Practical experience with cross-platform and hybrid environment investigations
• Ability to interpret designs and enumerate actionable detection use cases
• Familiarity with modern engineering and detection engineering practices
• Practical mindset to balance business needs with security requirements.
• A drive for change through continuous improvement
• Capable of working independently but possesses a collaborative mindset
• Comfortable working with a geographically dispersed team.
• Experience working independently and as part of a team
• Ability to work in a fast-paced environment, often juggling multiple tasks, alerts, and incidents
• Passion for solving complex security problems in innovative and scalable ways

What’s in it for you?

• Join an ambitious tech company reshaping the way people build digital experiences
• Full-time employees receive Stock Options for the opportunity to share in the success of our company
• Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
• We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, sick days,  education days, compassion days for loss, and volunteer days
• Time off to care for and focus on your growing family 
• Use your personal annual education budget to improve your skills and grow in your career
• Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties 
• An annual wellbeing stipend to care for your physical, financial, or emotional health
• A monthly communication phone/internet stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

#LI-KH1 #LI-Hybrid