Security Operations Analyst (SecOps)

Job Overview

Location

UK

Job Type

Full-time

Category

Security Engineer

Date Posted

March 7, 2026

Full Job Description

📋 Description

  • Attio is at the forefront of redefining Customer Relationship Management (CRM) for the Artificial Intelligence (AI) era, building the first AI-native CRM designed to empower ambitious go-to-market teams. Having recently secured a significant $52M Series B funding round led by GV (Google Ventures), with strong backing from prominent investors like Redpoint, Balderton, Point Nine, and 01A, Attio is poised for rapid growth and innovation. Our culture is built around tackling complex technical challenges, delivering exceptional user experiences, and establishing new industry benchmarks.
  • As a Security Operations Analyst (SecOps), you will play a pivotal and mission-critical role within our Security, Infrastructure, and Performance team. Your primary responsibility will be to maintain and enhance a vigilant and robust security posture across the entire organization. This role is dedicated to the real-time protection of all organizational assets, infrastructure, and sensitive data, acting as a crucial frontline defender.
  • You will be instrumental in ensuring business continuity and safeguarding the confidentiality, integrity, and availability of all critical resources. This requires a deep and practical understanding of established security frameworks, intricate network protocols, and the ever-evolving tactics, techniques, and procedures (TTPs) employed by adversaries.
  • Your core duties will encompass comprehensive Security Monitoring, Triage, and continuous Improvement. This involves rapidly detecting and prioritizing active threats and vulnerabilities through constant vigilance using tools such as Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR) solutions, and cloud-native security monitoring. Crucially, insights derived from thorough root cause analysis and proactive threat hunting will be directly integrated back into our engineering processes, enabling the refinement and enhancement of our detection capabilities.
  • A significant aspect of your role will be Security Incident Response. You will serve as the initial responder to all security events, performing rapid analysis, classification, and prioritization of reported or detected security incidents. Your objective will be to accurately determine the scope, severity, and potential impact on our platform and business operations.
  • You will also be responsible for enforcing compliance with internal security policies and external regulatory requirements. This includes maintaining meticulous records of all detected security events, detailed analysis findings, and comprehensive documentation of all incident response activities undertaken.
  • The role demands expertise in Security Information and Event Management (SIEM) platforms. You will be expected to have hands-on experience in the operation, administration, and ongoing maintenance of a major SIEM platform. Experience with Google SecOps (formerly Chronicle) is highly desirable, including advanced knowledge of data ingestion, rule creation, dashboard development, and optimization for both performance and cost-effectiveness. The ability to leverage this platform for proactive threat hunting and constructing complex queries is essential.
  • Proficiency in Google SecOps (formerly Chronicle) SOAR (Security Orchestration, Automation, and Response) tooling is also a significant advantage. This includes developing SOAR actions and workflows to automate alert triage, immediate incident mitigation, and streamline response procedures, thereby increasing efficiency and reducing response times.
  • Proven experience in the end-to-end development, documentation, and execution of comprehensive security incident response playbooks and procedures is a must. You will apply practical experience in incident triage, containment, eradication, recovery, and post-mortem analysis for a wide spectrum of security events, including malware outbreaks, unauthorized access, data exfiltration, and cloud compromises.
  • The ability to lead and coordinate incident response efforts across cross-functional teams, especially under pressure, is a crucial skill we seek. You will leverage deep expertise in the analysis of security logs from diverse sources, such as operating systems, firewalls, endpoint protection, and cloud environments, to identify anomalies, indicators of compromise (IOCs), and the root causes of incidents.
  • Expert-level knowledge of common attack vectors, attacker methodologies (e.g., MITRE ATT&CK framework), and the techniques, tactics, and procedures (TTPs) employed by various threat actors is fundamental to this role. A comprehensive understanding of network protocols like TCP/IP, DNS, and HTTP/S, along with their associated traffic patterns, will be vital for effectively detecting malicious activity and understanding its propagation.
  • Solid familiarity with industry-standard vulnerability scanning tools such as Nessus, Qualys, Rapid7, or Trivy is required. Desirable experience includes managing a vulnerability disclosure or bug bounty program, testing disclosed vulnerabilities, and collaborating with external security researchers. Furthermore, experience in establishing, running, and managing a continuous vulnerability management lifecycle, including scanning, reporting, prioritization, and tracking remediation efforts in coordination with engineering and system owner teams, is highly valued.

Skills & Technologies

Onsite
£80k-95k

About Attio Ltd

Attio Ltd provides a customizable, API-first customer relationship management platform designed for modern teams. The software blends spreadsheet flexibility with database power, letting companies model complex data, automate workflows, and integrate seamlessly with existing tools. Founded in London and backed by venture capital, Attio serves scaling startups and enterprises that need real-time collaboration, granular permissions, and deep configurability without traditional CRM complexity.
