Sr. Information Security Operations Analyst

Seniority Level: Mid-Senior

Location:  Remote (select US States)

About the role and about You:

At Zwift IT, we are constantly improving our security practice and enforcing our security policy. Currently, we are looking for a Sr. Information Security Operations Analyst to join our Information Security team.  We are looking for a candidate who possesses deep expertise in the security threat monitoring, detection, and incident response space, especially in a hosted cloud/web operations environment. The Sr. Information Security Operations Analyst will be a part of Zwift’s information security team intended to protect and safeguard our information assets, keeping our computer systems and network devices hardened against attacks and data breaches. The chosen candidate will be capable of adapting to a fast-paced environment and be ready to address shifting priorities as needed. The selected candidate will demonstrate creativity and out-of-the-box thinking to continuously improve the organization’s threat intelligence, security monitoring, detection, and response capabilities.

Successful Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and comfortable navigating ambiguity. You should have strong problem-solving skills, excellent interpersonal skills, a deep technical understanding of information security operation infrastructure, and the desire to be an individual contributor to securing Zwift assets.

What you’ll do:

• Provide subject matter expertise in security threat analysis, hunting, detection, and response across Zwift’s Production and Corporate IT environments
• Perform analysis, correlation of actionable security events and alerts, and network traffic analysis using raw packet data, net flow, IDS/IPS, SIEM, and/or any custom sensor output as it pertains to security threat intelligence, analytics, and visibility
• Participate in the Security Incident Response Team (SIRT) activities, helping SIRT to detect, respond, contain, eradicate and recover from security incidents in a timely manner, within the Cloud Operations and Corporate IT environments
• Develop and maintain the incident response framework consisting of Incident Response Plans and Procedures in the form of run books, for the most relevant incident types
• Ability to investigate and understand threat campaign(s) techniques, lateral movements, and indicators of compromise (IOCs).
• Interface with external entities including law enforcement organizations, intelligence community organizations, and other government agencies as required.
• Willingness to be on call and work odd hours when required

What you'll have:

• Bachelor’s degree in Computer Science, Information Systems, or related technical field
• 5+ years of previous experience working in security operations, hunt teams, threat intelligence, or incident response
• Public Cloud experience required
• 3+ years of experience working with multiple security technologies including IDS/IPS, SIEM, Log Analysis (Windows, Linux, Web Servers, FIM, NextGen Firewalls, NextGen AV, WAFs, etc.), Network and User Behavior Analysis tools, and Network Packet Analyzers and Visibility tools
• 3+ years of experience leading cyber security incident resolution as an Incident Response Engineer or Analyst in an Enterprise environment
• Knowledge of the Incident Response lifecycle, working independently to investigate and effectively respond to cyber security incidents, working with Digital Forensics tools in an Enterprise environment
• Advanced Knowledge of the TCP / IP protocol suite, security architecture, securing  and hardening Operating Systems, Networks, Databases, and Applications Experience developing and maintaining operations playbooks, run books, and the IR plans
• Prior experience employing forensic tools and techniques for attack reconstruction, including forensic analysis and volatile data collection and analysis, will be an added advantage
• Thorough understanding of the  threat and attack landscape, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors
• Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely

Bonus points:

• Comfortable in an AWS environment
• CISSP, GSEC, GCFA, GCIH, CHFI,  SEC+. CEH, or other Cyber Security related certifications

How to stand out among the rest:

Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.

Values:

Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong.  Only then can they thrive and do their best work.  The values we strive to live every day are:

• Make It Fun
• Elevate Teammates
• Cultivate Our Community
• Always Level Up
• One Zwift for All

We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected]. 

Zwift, Inc. is an Equal Opportunity Employer.

Transparency in Coverage: 

Health plan price transparency is designed to help consumers know the cost of covered items or healthcare-related services prior to the date upon which they receive care. Transparency in Coverage (TIC) regulations require health insurers and group health plans to create machine readable files (MRFs) that contain the negotiated rates for in-network providers and allowed amounts derived from historical claims for out-of-network providers and make those files publicly available.

Here is the link to the site on which Kaiser Permanente posts its in-network and out-of-network allowed amount machine-readable files (MRFs).

Here is the link to the site on which Anthem posts  its in-network and out-of-network allowed amount machine-readable files (MRFs). The link will allow you to search for your files using your Employer Identification Number (81-2798595)