Senior Security Operations Analyst

As a Senior Security Operations Analyst at Clear Street, you'll conduct proactive threat hunting in both cloud and on-prem infrastructures, develop targeted hunts using advanced data analytics, monitor security alerts, and analyze incidents in a 24/7 SOC environment. Your role will also involve performing forensic analysis, improving SOC processes, and collaborating closely with your peers to enhance team knowledge.

To qualify for the Senior Security Operations Analyst role at Clear Street, candidates should have 3+ years of experience in SOC operations, threat hunting, and incident response. A strong understanding of AWS/Azure security architectures and expertise in relevant security frameworks are vital. It's also preferred to hold certifications such as AWS Security Specialty, Azure Security Engineer, or CISSP.

Success as a Senior Security Operations Analyst at Clear Street is defined by enhancing the maturity of the SOC, effectively identifying and mitigating threats using data analytics, contributing to incident investigations, and fostering an environment of collaboration and knowledge sharing with fellow team members, ultimately leading to a more secure operational environment.

At Clear Street, Senior Security Operations Analysts have the opportunity to mentor junior analysts, participate in training sessions, and engage in knowledge-sharing initiatives. Clear Street actively promotes a culture of continuous learning, encouraging employees to stay updated with the latest in the security domain.

The work environment for a Senior Security Operations Analyst at Clear Street is collaborative and dynamic, emphasizing teamwork and communication. Employees are expected to work in the office 4 days a week, enjoying perks like lunch stipends and happy hours, all while contributing to a high-performance culture in a modern workplace.

In your response, share specific cloud platforms you've worked with, like AWS or Azure, and provide examples of threat hunting tactics you've successfully employed to identify risks and secure environments.

Detail your process for incident response, including initial detection, containment, eradication, and recovery steps. Mention any tools you are familiar with, such as SIEMs or EDR solutions, and highlight the importance of documentation throughout the process.

Mention subscribing to cybersecurity news feeds, participating in professional groups, attending conferences, and following key figures in the cybersecurity field on social media platforms as methods to keep abreast of threats and best practices.

Be specific about experience with tools you’ve utilized for data analytics, log analysis, or forensic investigations, explaining how these tools contributed to your overall threat detection and incident response efforts.

Discuss your familiarity with the MITRE ATT&CK framework, explaining how you have used it to understand adversary tactics, techniques, and procedures (TTPs) and how it aids in threat hunting and incident response.

Talk about your approach in assessing alert severity, considering contextual information, and using tools or methodologies that help streamline prioritization effectively in a busy SOC.

Provide a specific example of a challenging incident, your role in the reaction team, the strategies you implemented, and how the situation was resolved along with any lessons learned.

Share your experience in guiding junior analysts, detailing the techniques or training you’ve implemented to help them grow their skillsets and enhance team effectiveness in the SOC.

Outline potential improvements like investing in additional tools, refining existing workflows, or enhancing collaboration within teams, providing examples of how you've successfully implemented similar improvements in previous roles.

Emphasize the importance of documentation in maintaining transparency, delivering teams the ability to learn from past incidents, and supporting compliance efforts, along with your strategies for keeping documentation organized and accessible.