Senior Security Analyst

HubSpot

πŸ“Remote - Ireland

Summary

Join HubSpot as a Senior Security Analyst and become a key member of the Security Operations team. You will leverage AI and automation to enhance security investigations, reduce ticket volume, and improve detection accuracy. Collaborate with the detection engineering team to identify and develop new detection use cases. Streamline ticket and alert processes, build attack simulations, and contribute to the Threat Hunting program. The ideal candidate possesses a strong investigative mindset and engineering skills, proactively identifying and solving problems. This role involves analyzing security tickets, implementing AI-first approaches, providing incident response support, and designing attack simulations. You will also architect Splunk queries, advise internal stakeholders, and mentor junior analysts.

Requirements

  • Deep understanding of macOS and Linux internals, adept at leveraging this knowledge for advanced threat detection, forensic analysis, and system hardening in complex environments
  • Strong capabilities in Splunk, including developing sophisticated, high-performance SPL queries, and optimizing data models and search efficiency
  • Practical experience applying AI and machine learning models/techniques to large-scale security datasets for proactive threat hunting, advanced anomaly detection, and intelligent alert triage
  • Competent coding skills (Python preferred) applied to problem-solving, data analysis, and the automation of security tasks and workflows
  • Experience designing, implementing, and maturing security monitoring and detection strategies within multi-cloud environments (AWS, GCP, Azure), including expertise in cloud-native security services and log sources
  • Demonstrated competence across the full detection engineering lifecycle, from threat modeling and hypothesis generation to rule development, testing, deployment, and continuous refinement using a data-driven approach
  • Proven ability to identify and implement impactful automation solutions (e.g., SOAR playbooks, custom scripts) that significantly reduce manual toil, accelerate incident response, and scale security operations
  • Experience in operationalizing threat intelligence, translating raw intelligence into actionable detection signatures, and enriching security events for deeper contextual insights
  • A passion for mentoring junior analysts and actively contributing to team knowledge sharing through documentation, presentations, or internal training

Responsibilities

  • Analyze security tickets to identify detection impact and team pain points, and iterate on detection logic for enhanced accuracy and reduced false positives
  • Implement an AI-first approach, using it to augment human analysis, improve detection signal-to-noise, and reduce MTTD and MTTR
  • Provide crucial support during critical security incidents, investigating, containing, and remediating threats with the incident response team
  • Brainstorm, research, and build effective detection use cases by translating threat intelligence, attack frameworks (like MITRE ATT&CK), and security best practices into actionable detection logic
  • Design and execute attack simulation scenarios based on real-world TTPs to test and validate new and existing detection capabilities
  • Architect, develop, and optimize complex Splunk SPL queries, dashboards, and reports for advanced threat detection, contextualized security events, and automated response
  • Advise internal stakeholders (engineering, product teams) on security topics, offering guidance on OpSec, secure infrastructure design, and risk mitigation

Preferred Qualifications

A self-starter mentality with a portfolio of independent research, tool development, or contributions to the security community (e.g., blog posts, conference talks, open-source projects)

Benefits

You can choose the working option that suits you: @home, @flex or @office
