Security Operations Center Analyst
Cloudflare
Summary
Join Cloudflare's Security Operations Center (SOC) as a Security Operations Center Analyst and provide premium support for our security products. You will work with our largest and most technically sophisticated customers, assisting them with threats and attacks on their infrastructure. Analyze threats, suggest mitigation strategies, and implement them directly when necessary. Collaborate with engineering and product teams to improve our offerings. Extensive communication with customers via various channels is required. This role demands strong technical skills, including a deep understanding of the OSI model and various security protocols, as well as excellent communication abilities. The position involves a weekend and holiday rotation with core working hours of 9 to 5 Pacific Time. This is a remote position with options in Mexico City, but visa sponsorship is not provided.
Requirements
- Strong understanding of the OSI model, TCP, UDP, BGP, QUIC
- Advanced understanding of iptables
- Analysis of traffic for attack anomaly detection and creation of mitigation rules
- Experience in handling attack mitigation and thorough knowledge of various attacks (L3/4 and L7)
- At least 2 years of technical support experience and customer support experience is a must
- Strong communication skills with high-value customers
- Command line / Bash shell
- Sysadmin skills (Linux/Mac/Windows) & Programming skills (Python, Ruby, PHP, C, C#, Java, Perl, Git etc.)
Responsibilities
- Monitor and investigate the alerts to identify attacks
- Work with Engineering and Operations teams to mitigate attacks, suggest steps to mitigate, and apply the appropriate mitigation, when applicable
- Work with Engineering and Product teams to improve the products and tools
- Extensive communications with customers via chat, email, and phone
- Review the latest alerts to determine relevancy and urgency. Create new tracking tickets for alerts that signal an incident and require review or escalation
- Configure / Manage security monitoring rules and contribute to tool improvements
- Compare traffic signatures and attributes including IP addresses, cookie variations, HTTP headers, and JavaScript footprints to determine what is good traffic and what is malicious
- Participation in a weekend and holiday rotation is required, with core working hours of 9 to 5 Pacific Time
Preferred Qualifications
- Security skills and certifications preferred: CISSP, GCIA, GCIH, GCFA, GCFE, etc.
- Previous DDoS mitigation experience for OSI layers 3, 4, and 7, filtering malicious traffic using Cloudflare tools such as Magic Transit, Network Firewall, WAF, IP reputation lists, packet inspection, blacklisting, whitelisting, and/or rate limiting, is a plus