Security Operations Analyst

Job Description COMPANY OVERVIEW Domo's AI and Data Products Platform lets people channel AI and data into innovative uses that deliver a measurable impact. Anyone can use Domo to prepare, analyze, visualize, automate, and build data products that are amplified by AI. COMPANY OVERVIEW: Domo puts data to work to help everyone multiply their impact. Domo gives every kind of user real-time insights they can act on, with secure, easy-to-use, AI-powered data experience that drives a culture of data curiosity. POSITION SUMMARY: The Security Analyst is a key member of Domo's Security Operations team. This position will be focused on developing cyber threat intelligence in addition to supporting, monitoring, detection, and security incident response efforts. A successful candidate will have excellent research and analytical abilities, being able to provide detailed insight into cyber threat actors and the tactics, techniques, and procedures they use. They will also have strong communication skills, being able to compile reports for technical audiences as well as business leaders. Bonus points for experience in a SaaS company leveraging AWS and other major CSPs for infrastructure. This role requires a strong understanding of security engineering principles for designing, building, and maintaining security infrastructure and systems. It also requires the ability to work effectively in a global team and communicate complex security concepts to both technical and non-technical colleagues. KEY RESPONSIBILITIES: - Data Analysis and Intelligence: Synthesize large datasets into actionable intelligence results. - Cyber Defense Development: Assist in creating content for cyber defense tools and coordinate with teams to validate security alerts. - Incident Documentation and Response: Document and respond to security incidents impacting the environment, including isolating and removing malware in response to new threats. - Event Correlation: Perform event correlation using enterprise-wide information to assess the effectiveness of observed attacks. - Threat Reporting: Regularly provide threat landscape reports to the security group and business leaders. - Intrusion Detection and Analysis: Detect and alert possible attacks/intrusions, anomalous activities, and misuse, and analyze malicious activity to determine exploited weaknesses and methods. - Threat Actor Identification: Identify tactics, techniques, and procedures used by threat actors using frameworks like MITRE ATT&CK. - Incident Notification: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents. - Threat Monitoring: Monitor external data sources to maintain currency on threat conditions. - Stakeholder Collaboration: Collaborate with stakeholders to resolve computer security incidents. Required: JOB REQUIREMENTS: - Experience and Education: 3-6 years of experience in an intelligence analyst or security operations role, with a Bachelor's or Master's degree or a certification such as CompTIA Security+, Network+, GIAC GSEC, or similar. - Technical Knowledge: Understanding of physical computer components, network architectures, attack methods, common computer/network infections, and encryption algorithms. Familiarity with cyber intelligence/information collection capabilities, cyber operations terminology, data communications terminology, and internet network addressing. - Cybersecurity Expertise: Proficiency in identifying what constitutes a network threat, knowledge of penetration testing principles, tools, and techniques, and understanding of how to extract, analyze, and use metadata. Familiarity with physical and logical network devices and infrastructure. - Analytical Skills: Ability to evaluate information for reliability, validity, and relevance, and skill in identifying critical target elements. - Communication Skills: Ability to prepare and present briefings, write, review, and edit cyber-related Intelligence/assessment products, and articulate intelligence requirements into research questions and data tracking variables. - Research Skills: Proficiency in using multiple search engines and tools. - Engineering Skills: Strong understanding of security engineering principles for designing, building, and maintaining security infrastructure and systems with experience with cloud, corporate, and endpoint security. Desired: - Advanced Framework Knowledge: Proficient in the MITRE ATT&CK Framework and its application to all levels of monitoring, detection, and incident response. - Cloud Security Expertise: Comprehensive understanding of major Cloud Service Providers services, security tools, and logging. - Deep Web Research Skills: Skilled in conducting non-attributable research using deep web and dark web. - Threat Identification: Advanced skills in identifying cyber threats that could impact the organization and partner interests. - Tailored Analysis: Knowledge of tailoring analysis to necessary levels, using multiple analytic tools, databases, and techniques. - Scripting and Automation: Ability to use scripting languages for automation and problem-solving in security and vulnerability analysis with emphasis in cloud infrastructure, endpoint, and security system integrations, such as SIEMs. LOCATION: Pune, Maharashtra, India Domo is an equal opportunity employer. VIEW OUR BENEFITS Domo is an equal opportunity employer