Security Analyst
WHOOP · Boston, MA · 2 wk ago
On-siteInformation Technology$70k–$110k/yrFull-time
Responsibilities
- Triage and investigate security alerts originating from internal security tooling as well as those escalated by external security monitoring partners.
- Maintain operational visibility across the security environment by monitoring and managing the internal security operations ticket queue, ensuring alerts and investigations are prioritized, tracked, and resolved in a timely manner.
- Assist with investigation of security events across endpoint, identity, cloud, and SaaS platforms.
- Support incident response activities including investigation, containment coordination, documentation, and post-incident analysis.
- Respond to external threat intelligence and digital risk alerts related to potential brand abuse, impersonation, or exposed credentials.
- Collaborate with security engineering teams and external security partners to improve detection coverage and reduce false positives.
- Help identify gaps in logging, telemetry, or investigation workflows across security platforms.
- Assist with threat hunting and security investigations using data from SIEM and other security tools.
- Support vulnerability management workflows by assisting with triage, prioritization, and tracking of remediation activities.
- Own and manage the security operations queue while serving as a central intake point for security questions, alerts, and reports across the organization, ensuring items are triaged, prioritized, and driven through investigation or resolution.
- Operate the organization’s phishing simulation program to reduce susceptibility to social engineering threats, including managing phishing campaigns and coordinating targeted remediation training for users with repeated failures.
- Identify opportunities to improve security operations through process improvements, automation, and responsible use of AI to streamline investigation, triage, and reporting workflows.
- Maintain documentation for incident response procedures, investigation workflows, and operational playbooks.
- Participate in the security team’s on-call rotation to support investigation and response activities when needed.
Qualifications
- 3+ years of experience in security operations, incident response, threat detection, or a related cybersecurity role.
- Experience investigating security alerts or suspicious activity across environments such as endpoint, identity, cloud, or SaaS systems.
- Experience triaging and managing security investigation workflows, including ticket queues or incident tracking systems.
- Familiarity with SIEM platforms, log analysis, and security monitoring tools.
- Understanding of common attacker techniques and frameworks such as MITRE ATT&CK.
- Experience working with security tools such as EDR platforms, identity systems, cloud logging platforms, or similar technologies.
- Familiarity with modern AI-enabled tools used in enterprise environments and an understanding of risks associated.
- Experience improving security operations through automation, scripting, or responsible use of AI to increase operational efficiency.
- Strong analytical and investigative skills with the ability to evaluate security events and determine potential impact.
- Ability to coordinate investigations across multiple teams and communicate findings clearly to technical and non-technical stakeholders.
- Strong written documentation skills for incident records, investigation notes, and operational procedures.
- Relevant security certifications such as Security+, CySA+, SSCP, GSEC, or GCIH are a plus.