Senior SOC Analyst (Abuse Operations) - Technical Lead

United States and Canada

DigitalOcean

Simple, scalable cloud hosting solutions built for small and mid-sized businesses.

View company page

Do you ever wonder what happens inside the cloud?

DigitalOcean (NYSE: DOCN) simplifies cloud computing so builders can spend more time creating software that changes the world. With our mission-critical infrastructure and fully managed offerings, DigitalOcean enables startups and small and medium-sized businesses (SMBs) to rapidly deploy and scale modern applications. As a remote-first organization, our employees, like our customers, are based around the world.

We want people who are passionate about making the internet a safer place for everyone

We’re looking for inspired and motivated technical contributors to join the DigitalOcean team as Security Operations Analyst.  In this role, you will be a key member of DigitalOcean’s security team, reporting to the Manager of Security Abuse Operations.  You will improve the security posture of DigitalOcean both reactively and proactively, as well as handling incidents and making the internet a safer place.  Security Operations Analysts must excel at identifying vulnerabilities, building tactical and strategic mitigation plans, and eliminating bad actors inside the DigitalOcean platform.

What You’ll Be Doing:

  • Vetting abuse claims, responding to reporters, and helping customers focus on their company’s mission with DigitalOcean.
  • Analyzing network traffic to identify compromised systems, negate denial of service attacks, and pinpoint resource abuse.
  • Investigate, identify and mitigate abusive activities such as DDoS attacks, malware distribution networks, phishing attacks, etc.
  • Processing customer facing abuse cases with specific service level objectives for quality technical resolutions.
  • Handling live intrusions and security monitoring response cases, in a customer-facing transparent manner to minimize impact of malicious actors on the internet.
  • Proactively hunting for threats, red teaming activities, and working with penetration testers performing exploit and vulnerability research on DigitalOcean as customers.
  • Locating trends in abuse vectors, communicating with leadership to apprise of extent, and advocating for appropriate product changes to prevent future occurrences.
  • Triaging corporate Security Information and Event Management (SIEM) based alerts with investigative security analysis tactics for remediation.
  • Enhance technical automations and operations within daily workflows to help colleagues quickly remove abuse operation bottlenecks.
  • Provide weekly abuse operation highlights to internal technical teams across our engineering and infrastructure functions.
  • Engineering approaches to harvest security data, converting that data into actionable intelligence, and collaborating with the technical teams to take action with that intelligence.
  • Establishing an understanding of DigitalOcean’s entire production environment, from applications to infrastructure, keeping up-to-date with material changes and future directions.
  • Coaching and mentoring other skilled security practitioners across application, information, and infrastructure security.

What You'll Add to DigitalOcean:

  • A high degree of curiosity and aptitude, with a clear passion around security as a lifestyle.
  • Significant experience in one or more of the following fields:
    • Trust and Safety
    • Security Monitoring
    • Proactive Threat Hunting
    • Threat Intelligence Collection / Threat Investigation / Dissemination
    • Network Security / Cloud Security
    • Security Operations
  • Ability to diagnose, troubleshoot, and resolve security alerts and abuse complaints.
  • Understanding of hardware, software, and networking; distributed computing; virtualization; high-performance storage systems; databases; and cloud computing.
  • Understanding of fundamental TCP/IP concepts, application protocols and knowledge of database structures and working with Unix/Linux.
  • Intellectual curiosity and self-motivation to perform complex tasks.
  • Clear written and verbal communication skills to include; technical writing, presenting, coaching, and mentoring.
  • Ability to provide and receive clear, direct, and honest feedback for continuous improvement.
  • The ability to remain optimistic and passionate when overcoming security obstacles at scale in both reactive and proactive situations. 
  • Consistently improving security as the platform scales, driving continuous improvement through data collection and correlation, being mindful that security should be an efficiency enabler for the business - not a detractor.
  • Significant experience handling live investigations in response to intrusions and cloud compromises.
  • A forward looking perspective on collaborating with security engineering, tackling each problem with a degree of creativity that uses previous internal/external approaches as a data point..
  • Bonus: 
    • Ability to build tools and POC code, script, or automations to classes of problems rather than handling them manually (Python, Bash, Go, Ruby)

Why You’ll Like Working for DigitalOcean:

  • We reward our employees. (The base salary range for this position is between $102,000-$153,000 based on relevant years of experience and skills. The salary range for this role is specific to candidates located within the U.S. and will vary for candidates outside the U.S..) (The salary range for this position is based on relevant years of experience and skills.) Employees may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance. We also provide equity compensation to eligible employees including grants of equity upon hire and the option to participate in our Employee Stock Purchase Program.
  • We value development. You will work with some of the smartest and most interesting people in the industry. We are a high-performance organization that is always challenging our teams and employees to continuously grow. We maintain a growth mindset in everything we do and invest deeply in employee development through formalized mentorship and other internal programs. We provide all employees with reimbursement for relevant conferences, training, and education.
  • We care about your well-being. In addition to cash and equity compensation, we also offer employees a competitive array of benefits. In the United States, these include health insurance, unlimited vacation, retirement benefits, a generous parental leave program, and additional resources to support employees' overall well-being. While the philosophy around our benefits is the same worldwide, specific benefits may vary in other countries due to local regulations and preferences.
  • We value diversity and inclusivity. We are an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

*This is a remote role

#LI-Remote

Tags: Bash Cloud DDoS Exploit Linux Malware Monitoring Network security Python Ruby Security analysis SIEM SOC TCP/IP Threat intelligence UNIX Vulnerabilities

Perks/benefits: Career development Competitive pay Conferences Equity Health care Insurance Parental leave Salary bonus Startup environment Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Countries: Canada United States
Job stats:  33  5  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.