Summary
Join Ivanti's Threat Operations team as a Security Analyst to defend against cyber threats, enforce security standards, and participate in incident response. You will monitor cloud and on-premises environments, conduct threat hunting, perform digital forensics, and develop security playbooks. Collaborate with internal stakeholders and engineering teams to maintain a strong security posture. This role requires expertise in cloud computing, threat hunting, digital forensics, and security tools. You will leverage Splunk and other SIEM platforms for analysis and detection. The position involves proactive threat hunting, incident response, and post-incident analysis to improve security processes.
Requirements
- Strong understanding of cloud computing concepts and hands-on experience with major cloud platforms such as AWS and Azure, including native security services and monitoring capabilities
- Proven experience in threat hunting methodologies and frameworks, with ability to develop and execute hunting hypotheses
- Solid digital forensics experience including disk imaging, memory analysis, network forensics, and evidence handling procedures
- Demonstrated experience with Splunk including search processing language (SPL), dashboard creation, alert configuration, and data onboarding
- Experience developing and maintaining security playbooks, runbooks, and standard operating procedures for incident response
- Familiarity with both Windows and Linux environments, including comfort working at the command line
- A strong knowledge of networking protocols, security technologies, and security frameworks
- An interest in solving puzzles and problems in unconventional ways
- Comprehensive understanding of common security vulnerabilities, threats, and attack vectors including cloud-specific threats
- Extensive experience with security tools such as vulnerability scanners, SIEM, IDS/IPS, EDR and antivirus systems
- Proficiency in scripting languages (e.g., Python, PowerShell) to automate security processes and analysis tasks
- Experience with cloud security monitoring tools and services (e.g., AWS CloudTrail, Azure Sentinel, AWS GuardDuty)
Responsibilities
- Triage and respond to security escalations from our internal monitoring tools, users, and MSSP, and implement an appropriate containment and remediation response to the threat
- Monitor AWS, Azure, and physical environments for security incidents, assess their severity, and initiate the incident response process with particular focus on cloud-native threat detection and monitoring
- Lead and participate in incident response teams, coordinating response efforts and ensuring timely resolution of security incidents
- Conduct proactive threat hunting exercises to identify advanced persistent threats and emerging attack patterns across cloud and on-premises environments
- Support the Digital Forensic & Investigations Team in high-tech investigations involving electronic evidence, computer forensic analysis, e-mail analysis, data recovery and network assessments, in support of our Legal, Talent, Confidentiality, and Insider Threat organisations
- Perform digital forensics analysis on compromised systems, network artifacts, and cloud resources to determine scope and impact of security incidents
- Assist in post-incident analysis and documentation to improve incident response processes
- Develop, maintain, and optimise security playbooks and standard operating procedures for incident response and threat hunting activities
- Perform testing and tuning of detection and response security tools (EDR, anti-spam, IPS/IDS, Splunk, and other security tools) to enhance detection capabilities
- Participate in hypothesis-driven threat hunting exercises using existing and alternative toolsets, with emphasis on cloud security monitoring
- Leverage Splunk and other SIEM platforms to analyse security events, create custom dashboards, and develop detection rules
- Perform research on emerging threats and update detection rules, threat models, and other tools
- Evaluate new technologies and processes that enhance security capabilities
- Collaborate with cross-functional teams to prioritise and address identified vulnerabilities and other security issues
- Stay updated on the latest trends and developments in cloud security and related technologies