XperiencOps, Inc. is in search of an IT Security and Compliance Analyst who will be crucial in upholding our ISO 27001:2022 / ISO 27018 / SOC2 Type2 certifications and managing various aspects of our security and compliance framework. This role demands a professional skilled in policy maintenance, security incident documentation, and vendor security assessments, preferably with experience using Vanta for compliance management.
Key Responsibilities
1. Security Architecture & Tooling
- Design, deploy, and maintain SOC-related technologies, with a particular focus on SIEM and IDS.
- Develop and refine security use cases, detection rules, correlation queries, and dashboards in SIEM tools to improve threat detection and response capabilities.
- Optimize IDS solutions to monitor and detect threats in cloud-native environments, ensuring clear and actionable alerts for the SOC.
2. SOC Operations & Threat Monitoring
- Optimize threat detection and incident response strategies using SIEM analytics and IDS findings.
- Monitor and analyze logs, alerts, network traffic, and telemetry for Indicators of Compromise (IOCs) to rapidly identify and respond to potential threats across endpoints and cloud environments.
- Develop and implement tuning and filtering strategies to reduce false positives and improve the fidelity of alerts generated by SIEM and IDS tools.
3. Incident Response & Forensics
- Lead technical investigations of security incidents from identification through resolution, leveraging SIEM and IDS insights.
- Perform root-cause analysis, gather forensic artifacts, and implement long-term preventive measures in alignment with security best practices.
- Document incident response procedures, lessons learned, and recommendations to enhance readiness and maturity of the SOC.
4. Vulnerability Management
- Assist in the identification, analysis, and remediation of vulnerabilities, working closely with vulnerability scanning and patch management tools.
Requirements
- Bachelor's degree in Information Technology, Cybersecurity, or related field, with professional certifications in ISO 27001/27018, CRISC, or CISM being advantageous.
- Demonstrable experience in IT security and compliance, with a strong understanding of ISO certification requirements and security incident management.
- Familiarity with compliance management tools, preferably Vanta, and experience in conducting vendor security assessments.
- Detail-oriented with strong analytical skills, capable of managing multiple priorities in a fast-paced environment.
- Effective communication skills, both written and verbal, with the ability to convey complex security and compliance information clearly.
Location
- This is a full-time, onsite position based in our Pleasanton, CA office. The successful candidate will be required to report to the office 5 days a week.
Benefits
- Competitive salary with comprehensive benefits.
- An engaging role in a dynamic and growing company with opportunities for professional development and growth.
- A collaborative work environment where your contributions to IT security and compliance are highly valued.