Pegasystems - Providence, RI

posted 5 months ago

Full-time - Principal
Remote - Providence, RI
Professional, Scientific, and Technical Services

About the position

As a Principal Cloud Security Operations Analyst at Pega, you will be an integral part of the Pega Cloud Security Operations Center (CSOC), a dedicated team of information security professionals tasked with safeguarding Pega's commercial cloud assets and offerings. Your primary mission will be to protect Pega Cloud by implementing strategies to deter, detect, deny, delay, and defend against both internal and external security threats. The CSOC is responsible for providing detection, monitoring, and incident response services for Pega Cloud, ensuring the confidentiality, integrity, and availability of our cloud infrastructure and assets.

In this role, you will lead the continuous monitoring and protection of all global cloud security operations at Pega, taking charge during incident response efforts. You will collaborate with cross-functional teams, including security analysts, threat detection engineers, vulnerability analysts, security engineers, system administrators, and developers, to proactively identify potential security risks and vulnerabilities within our cloud environment. Your strong analytical skills will be essential in assessing and prioritizing threats, leveraging your deep knowledge of industry best practices and cloud security frameworks.

Your contributions will directly impact the security and trust that our clients place in Pega as we assist them in transforming their business processes and driving meaningful digital experiences. You will be responsible for developing processes that drive proactive, automated detection and incident response tactics, supporting the quick resolution of cloud security events and incidents. This position offers a unique opportunity to shape the future of secure cloud operations and make a lasting impact on the world of technology.

Responsibilities

  • Provide oversight for the analyst staff and manage daily operations including security monitoring of Pega Cloud environments and responding to internal security events/requests
  • Lead security investigations and incident response activities to identify indicators of compromise (IOCs) and safeguard Pega Cloud and our clients
  • Mentor and coach the CSOC analyst staff regarding analysis, investigations, incident response, threat hunting/detection, and other related operational work
  • Function as a trusted advisor for the CSOC staff and the larger security organization within Pega's Technical Services Operations (TSO) branch
  • Develop and enhance standard operating procedures (SOPs) and security incident response plans (IRPs) for CSOC analysis and incident response methodologies
  • Actively contribute to the feedback loop for our threat detection team in developing high-confidence detections focused on use cases for known and emerging threats, based on hypotheses derived from the Pega threat landscape
  • Assist in the development of playbooks for use by analysts to investigate both high-confidence and anomalous activity
  • Work closely with stakeholders to design and implement robust security controls, detection mechanisms, and incident response methodologies ensuring compliance with relevant regulations and standards

Requirements

  • 2+ years of operational experience working for a large cloud service provider, with solid working knowledge of the applicable threat landscape and attack surface considerations
  • 4+ years of operational Splunk usage - primarily for analysis, investigations, and incident response including an in-depth use of Splunk Enterprise Security; creating focused Knowledge Objects such as correlation searches, notable events, dashboards, etc.
  • 4+ years of operational AWS usage including knowledge and analysis of CloudTrail, CloudWatch, GuardDuty, Trusted Advisor, and WAF logs
  • Extensive operational experience analyzing security detections, performing investigations, and conducting incident response in multi-cloud (AWS/GCP/Azure) environments - working knowledge of the implications in a microservices architecture (EKS/GKE) is a big plus
  • Solid working knowledge of the MITRE ATT&CK framework and Cyber Kill Chain, and experience developing actionable use cases relevant to the associated TTPs
  • A demonstrated working knowledge of cloud architecture, infrastructure, and resources, along with the associated services, threats, and mitigations
  • Working knowledge of GCP including analysis of Cloud Audit, Security Command Center, and WAF logs
  • Operational experience with EDR/XDR platforms and related analysis and response techniques
  • Solid working knowledge of the Linux OS and common attack methodologies
  • Experience developing SOPs, incident response plans, runbooks/playbooks for repeated actions, and security operations policies
  • Excellent verbal and written communication skills, including poise in high-pressure situations
  • Demonstrated ability to work in a team environment and foster a healthy, productive team culture

Nice-to-haves

  • SANS, Offensive Security, or other top-tier industry recognized technical security certifications focused on analysis, detection, and/or incident response
  • Automation experience leveraging API integrations and SOAR platforms
  • Experience leveraging CSPM solutions to enforce cloud security best practices and enhance detection/analysis fidelity

Benefits

  • A robust global benefits program including competitive pay plus a bonus incentive and employee equity in the company
  • An innovative, inclusive, agile, flexible, and fun work environment full of opportunities to learn and grow
  • Access to cutting-edge technologies and training resources, allowing you to stay at the forefront of cloud security
  • Collaboration, innovation, and work-life balance culture
  • Flexibility to work remotely when needed, allowing for a healthy work-life integration