Security Analyst III

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. 

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

• 2023, 2022 and 2021 Great Place to Work® Certified
• 2023 and 2022 Forbes America’s Best Startup Employers
• 2023 and 2022 Fortress Cybersecurity Award
• 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
• 2022 Cigna Healthy Workforce Silver Designation
• 2022 Cybersecurity Excellence Award for MDR

Security Analyst III - Splunk Experience Required 

Position Summary: 

Security Analyst III, which directly correlates to the Security Operations Center (SOC) Tier III analyst, are focused on the explanative analysis of an event; why and how. Analysts will demonstrate a curiosity that is tempered with training and experience.Analyst III’s are capable of developing greater context to events, allowing for more in-depth analysis and leveraging this to develop patterns of behavior in a client. The role will receive escalations from Tier I and II analysts to conduct advanced root cause analysis.  

This role will mentor Tier I and II analysts and work with Squad Leadership and subject matter experts on their chosen specialization and others to gain a greater understanding of the problems and environments, as well as to develop their own skills. Analyst III’s will be advanced in their chosen specialty, will be integral in producing analytical content and responsible for forensic investigations.

In this role, you’ll get to:

• Engage with customers on prescribed meeting cadences and ad-hoc requests
• Work in a subject matter expert capacity, related to deployed security technologies and their alternatives, Deepwatch products, and Deepwatch Squad activities
• Monitor, identify, and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering
• Provide after-hours support to the Squad and customers, as needed, to assist in resolution of customer incidents along with Team Leads & Managers
• Develop and deploy dashboards and reporting to meet customer needs
• Work alongside the Squad Leadership to support customers and their security; create and work within project plans to mature both customers and their security posture
• Work pre-defined shifts, as necessary, to support coverage gaps
• Validate suspicious events and incidents using open-source and proprietary intelligence sources
• Document and manage incident cases in our case management solution
• Assist with initial incident response and forensics requests
• Notify assigned customers of security incidents
• Triage support requests and help desk queue to maintain SLA
• Perform as an escalation point for Tier I and II Analysts, as necessary, related to alerts
• Mentor and assist Tier I and II Analysts with professional development as well as on-the-job training and mentorship in systems including Splunk, ServiceNow, and third-party threat intelligence tools 
• Report all operational issues or problems to the Squad leadership
• Work within the Squad and across Squads, Deepwatch’s Customer Success Managers, and other Deepwatch business functions to enhance Deepwatch’s product offerings and mature Deepwatch’s business practices
• Keep up-to-date with information security news, techniques, and trends
• Author unique analytical products
• Produce original content regarding new threats, techniques and information for internal and external consumption
• Develop an area of specialty with the goal of becoming a subject matter expert (e.g. Malware Analysis, Host Forensics, Network Forensics, Threat Hunting, Splunk Administration)
• Learn new tactics, techniques, and procedures for incident detection

To be successful in this role, you’ll need to:

• Demonstrate cybersecurity operations expertise, preferably within an MSSP environment
• Possess incident management expertise
• Possess advanced experience with Splunk or a comparable SIEM including creating dashboards & reports
• Deal with critical incidents and be able to resolve the highest level escalations
• Create runbooks, documentation & other special projects including playbooks, tuning and automation
• Build forensic timelines and identify anomalies
• Comfortable running customer meetings
• Identify security gaps and vulnerabilities to prevent threats entering customer networks
• Do a mix of que support, dashboard creation, attend or run customer meetings and handle customer investigation requests
• Be comfortable managing your own customer including managing tickets, escalating  and pushing out where needed
• Communicate any special requirements of high severity incidents to both internal and external stakeholders and escalate as needed to Managers or Leads
• Respond to customer requests when deploying new technology and create necessary response actions
• Mentor and assist Tier I & 2 analysts with professional development
• Assist the ATI team with Incident Response as needed
• Have advanced skills with  full packet capture analysis, malware analysis, host forensics (Windows), email analysis and experience working in a cloud env 
• Possess proven and demonstrated proficiency with SOAR, ServiceNow or comparable ticketing systems and Threat Intelligence tools and platforms
• Leverage strong communication skills, written and verbal
• Have a Degree in Information Security or Information Technology or equivalent experience
• Possess scripting experience - python or regex preferred
• Possess cybersecurity certifications strongly desired:
  • SANS, EC-Council, CompTIA, GCIA, GCIH, CEH, CySA, Net+/Sec+

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

• A citizen of the U.S.;
• A lawful permanent resident of the United States; 
• A person admitted to the United States as a refugee; or
• A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

Statutory Pay Disclosure:

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $93,500 to $132,000+ stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.

What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families. Including:

• Medical, dental, vision, and disability insurance
• Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
• Unique professional development benefits, starting at $3,000 annually
• Wellness contests and monthly educational programs
• 401(K) retirement program with employer match
• Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact recruiting@deepwatch.com for further information.

All Deepwatch employees are expected to:

• Be interested in and able to work remotely from a home office when not at a corporate office
• Pass a pre-employment background and drug screen in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information.