SOC Analyst

At BitGo, a SOC Analyst is responsible for managing and responding to security alerts across our environment. This includes reviewing and triaging alerts, tuning rules to minimize false positives, writing new detection rules aligned with the MITRE ATT&CK framework, and escalating potential security incidents. Additionally, the SOC Analyst collaborates with Engineering and IT teams to enhance detection capabilities and coverage.

To be a successful SOC Analyst at BitGo, candidates should have at least 2 years of experience responding to security alerts. Familiarity with the MITRE ATT&CK framework is essential, as is comfort in writing and tuning detection rules. Experience in triaging alerts and dealing with application, SaaS, cloud, and endpoint logs is a plus. Strong communication skills are necessary to effectively convey information to both technical and non-technical stakeholders.

The work environment for a SOC Analyst at BitGo is dynamic and innovative, situated in New York City. While the primary work hours are during regular business hours, flexibility is key, as weekend and evening coverage may sometimes be required. You’ll be part of a collaborative team passionate about technology and security, all while aiming for excellence in the dynamic space of digital assets.

As a SOC Analyst at BitGo, you'll enjoy a competitive base salary ranging from $115,000 to $145,000, depending on your level and location, in addition to stock options and an annual performance bonus. The company provides 100% paid health insurance for employees and their families, a 401k plan with up to a 4% company match, paid parental leave, and generous paid vacation time. You’ll also benefit from free lunches and a supportive work environment.

BitGo fosters an environment that supports professional growth among its SOC Analysts by encouraging innovative thinking and problem-solving approaches. You'll be empowered to take ownership of your work while collaborating with skilled colleagues. The company not only offers competitive compensation packages but also invests in your development through exposure to various security challenges within the rapidly evolving digital asset landscape.

Highlight any specific projects or situations where you applied the MITRE ATT&CK framework to identify threats or enhance detection capabilities. Discuss how you used it to analyze or document threats to provide a comprehensive understanding of its applications.

Be prepared to recount a specific incident where you assessed a security alert's severity. Explain the steps you took, how you determined the response strategy, and the outcome of your actions to showcase your decision-making process.

Discuss your approach to tuning security alerts, perhaps by giving examples of specific thresholds or rules you adjusted. Explain the importance of accurate alerts and how reducing false positives improves overall response efficiency.

Mention the specific security tools and technologies you have experience with, including SIEM solutions, endpoint protection systems, or any other relevant software. Provide examples of how you utilized these tools in previous roles.

Describe your role in previous incident response activities, emphasizing any significant incidents you were part of. Talk about communication strategies, coordination with other teams, and how you ensured effective handling of the incident.

Explain your process for verifying information while maintaining effective communication among involved parties. Discuss how prioritization of tasks assists in analyzing conflicting information to reach accurate conclusions.

Communicating effectively requires adaptability. Share your method of assessing the audience’s understanding and adjusting your explanations accordingly. Use specific examples where you successfully conveyed complex technical information to non-technical colleagues.

Discuss your commitment to continuous learning through resources such as threat intelligence feeds, blogs, webinars, and relevant professional associations. Share any specific platforms or publications you regularly follow to keep your knowledge current.

Outline a series of actions, such as assessing current coverage and identifying gaps. Discuss how collaboration with engineering and IT teams can help implement enhancements and ensure a robust security posture.

Reflect on what excites you about the role at BitGo, emphasizing your enthusiasm for contributing to the security of digital assets and the company's mission. Mention specific values or aspects of BitGo’s work culture that align with your career aspirations.