XOPS is a fast-growing startup building the future of observability and automation for IT operations. Our platform unifies complex system data to deliver visibility, control, and intelligent workflows across the enterprise, empowering IT teams to manage the entire employee technology lifecycle with precision. As industries embrace AI to automate cars, rockets, and even farming, IT operations remain stuck in the past, reliant on spreadsheets and manual processes. We believe it is time for a change.
At XOPS, we are pioneering autonomous IT operations, freeing teams from tedious tasks and elevating them into strategic leadership roles. Our mission is to drive operational excellence, financial stewardship, and security across the enterprise, while transforming the employee experience. We are just getting started, and we are looking for exceptional teammates to help shape the future.
XperiencOps, Inc. is in search of an IT Security and Compliance Analyst who will be crucial in upholding our ISO 27001:2022/ ISO 27018 / SOC2 Type2 certifications and managing various aspects of our security and compliance framework. This role demands a professional skilled in policy maintenance, security incident documentation, and vendor security assessments, preferably with experience using Vanta for compliance management.
Key Responsibilities 1. Security Architecture & Tooling - Design, deploy, and maintain SOC-related technologies, with a particular focus on SIEM and IDS
- Develop and refine security use cases, detection rules, correlation queries, and dashboards SIEM tools to improve threat detection and response capabilities.
- Optimize IDS solutions to monitor and detect threats in cloud-native environments, ensuring clear and actionable alerts for the SOC.
2. SOC Operations & Threat Monitoring - Optimize threat detection and incident response strategies using SIEM analytics and IDS findings.
- Monitor and analyze logs, alerts, network traffic, and telemetry for Indicators of Compromise (IOCs) to rapidly identify and respond to potential threats across endpoints and cloud environments.
- Develop and implement tuning and filtering strategies to reduce false positives and improve the fidelity of alerts generated by SIEM and IDS tools
3. Incident Response & Forensics - Lead technical investigations of security incidents from identification through resolution, leveraging SIEM and IDS insights.
- Perform root-cause analysis, gather forensic artifacts, and implement long-term preventive measures in alignment with security best practices.
- Document incident response procedures, lessons learned, and recommendations to enhance readiness and maturity of the SOC.
4. Vulnerability Management - Assist in the identification, analysis, and remediation of vulnerabilities, working closely with vulnerability scanning and patch management tools.
Requirements - Bachelor's degree in Information Technology, Cybersecurity, or related field, with professional certifications in ISO 27001/27018, CRISC, or CISM being advantageous.
- Demonstrable experience in IT security and compliance, with a strong understanding of ISO certification requirements and security incident management.
- Familiarity with compliance management tools, preferably Vanta, and experience in conducting vendor security assessments.
- Detail-oriented with strong analytical skills, capable of managing multiple priorities in a fast-paced environment.
- Effective communication skills, both written and verbal, with the ability to convey complex security and compliance information clearly.
Location - This is a full-time, hybrid position based in our Pleasanton, CA office. The successful candidate will be required to report to the office 3 days a week.
For this role, the estimated base salary range is between $135,000 - $165,000 USD. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. The listed range above is a guideline, and the base salary range for this role may be modified. Benefits - Competitive Compensation: Salary, Equity, and 401K
- Comprehensive Vision, Dental, and Healthcare plans
- Discretionary Time off Policy (If you need time off, take time off.)
- 11 Company-paid Holidays
- Hybrid Work Policy - 3 days in office/2 days remote
- A chance to be part of a rapidly growing startup and make a real impact.