Senior Security Threat Analyst
Remote, United States
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.
As a member of the Slack Enterprise Security Operations team, you are the first line of defense for all the people and parts that together make up Slack. You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from the all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.
Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?
What You Will Be Doing
- Detect, respond to, investigate and remediate security events in an enterprise environment
- Develop, implement and automate strategies, applying best practices and threat intelligence to tune tools and rules for detecting and remediating malicious activity
- Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats
- Strategically define and implement additional detective capabilities or data sources to improve telemetry
- Work in partnership with other teams at Slack to constantly improve our defensive posture
- Create and investigate alerts from detective telemetry and tune rules to increase fidelity, leveraging frameworks such as the ATT&CK matrix
- Perform retrospective analysis using network, host, memory, and other artifacts from multiple operating systems and applications
What You Should Have
- 5-7 years in an enterprise security or threat analyst role
- Experience tuning, improving and devising new ways to collect signal, reduce noise, and identify suspicious events in corporate and SAAS environments; experience using Splunk a plus
- Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
- Intermediate knowledge of Python and Yara, or similar, and application to security problem sets
- Experience applying threat intelligence to operational capabilities for improved detective capability
- Experience with scripting and automating detective capabilities, for example using python notebooks or orchestration tools
- Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
- Understanding of basic forensic processes and procedures and open to developing these skills
- Strong communication and collaboration skills
- Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.
Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment.
Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply.