Lead Security Triage Analyst

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

There is only one Data Cloud. Snowflake’s founders started from scratch and designed a data platform built for the cloud that is effective, affordable, and accessible to all data users. But it didn’t stop there. They engineered Snowflake to power the Data Cloud, where thousands of organizations unlock the value of their data with near-unlimited scale, concurrency, and performance. This is our vision: a world with endless insights to tackle the challenges and opportunities of today and reveal the possibilities of tomorrow.

AS A LEAD SECURITY TRIAGE ANALYST AT SNOWFLAKE, YOU WILL:

• Be part of a global team and learn from the industry’s best-in-class experts.
• Serve as the front-line of our Incident Response Team.
• Triage security alerts and take remediation or escalation actions.
• Develop and maintain response playbooks and work instructions.
• Develop and lead meaningful automation initiatives.
• Hone your technical and analytical skills while gaining invaluable experience.
• Coaching and supervising other Triage Analysts.

OUR IDEAL LEAD SECURITY TRIAGE ANALYST  WILL HAVE:

• A previous role on a Global SOC or Incident Response Team.
• Excellent communication and writing skills, along with the ability to create comprehensive and well-organized documentation.
• Knowledge of Industry Standard Security Frameworks/Processes
• MITRE ATT&CK®
• NIST/SANS Incident Response Plan
• Cyber Kill Chain®
• Experience working with a low-code / no-code automation or SOAR platform.
• Experience using investigative tools such as EDR, DLP, SIEM and querying across large datasets.
• Be proficient in analyzing email metadata and identifying spoofing and phishing attempts.
• Knowledge of Cloud Computing & Infrastructure. Examples include:
• Speaking intelligently about: Virtual Machines, Web Servers, Load Balancers, Reverse Proxies, Firewalls, etc.
• Can explain the benefits of serverless computing (e.g., AWS Lambda).
• Investigative experience with one or more of the top three cloud providers (AWS, Azure, GCP).
• Knowledge of networking and web protocols (TCP/IP,  Subnetting, VLAN, NAT, DNS, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
• Technical knowledge of operating systems (Windows, Linux, Mac). Be able to analyze system logs and other data sources to identify potential security incidents.
• Be familiar with various triage tools and techniques to facilitate efficient analysis of the binary file.

BONUS POINTS FOR EXPERIENCE WITH THE FOLLOWING:

• Prior experience using Snowflake.
• Knowledge of SQL.
• Python programming.
• Regular expressions.
• Basic understanding of Infrastructure as Code (IaC). 
• Basic knowledge of CICD processes.
• Cloud & security certifications (Examples: AWS Certified Solutions Architect, Security+, GCIH)
• Containerization.

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake. 

How do you want to make your impact?