POS-20111

Senior Security Analyst

In the Senior Security Analyst role, you will be a key member of the Security Operations team. You will work to drive more advanced / effective uses of AI and automation to handle all but the most complex investigations. As an analyst working with a team, you will directly observe the impact of your efforts in reducing the volume of tickets and enhancing their quality. Additionally, you will assist in identifying new detection use cases and collaborate with our detection engineering team to develop them. Once we have streamlined the ticket and alert processes, you will play a key role in building attack simulations, reproducing attack scenarios, testing the effectiveness of existing alerts, and contributing to the development of our Threat Hunting program.

The ideal candidate will be an analyst with a strong investigative mindset who also embraces key aspects of engineering. This individual will not only identify problems but will also actively work to solve them, taking ownership of the challenges. They will be a builder at heart.

In This Role You'll:

• Analyze security tickets to identify detection impact, team pain points, and iterate on detection logic for enhanced accuracy and reduced false positives
• Implement an AI-first approach, using it to augment human analysis, improve detection signal-to-noise, and reduce MTTD and MTTR
• Provide crucial support during critical security incidents, investigating, containing, and remediating threats with the incident response team
• Brainstorm, research, and build effective detection use cases by translating threat intelligence, attack frameworks (like MITRE ATT&CK), and security best practices into actionable detection logic
• Design and execute attack simulation scenarios based on real-world TTPs to test and validate new and existing detection capabilities
• Architect, develop, and optimize complex Splunk SPL queries, dashboards, and reports for advanced threat detection, contextualized security events, and automated response
• Advise internal stakeholders (engineering, product teams) on security topics, offering guidance on OpSec, secure infrastructure design, and risk mitigation

Ideal Candidate's Security Experience:

• Deep understanding of macOS and Linux internals, adept at leveraging this knowledge for advanced threat detection, forensic analysis, and system hardening in complex environments
• Strong capabilities in Splunk, including developing sophisticated, high-performance SPL queries, and optimizing data models and search efficiency
• Practical experience applying AI and machine learning models/techniques to large-scale security datasets for proactive threat hunting, advanced anomaly detection, and intelligent alert triage
• Competent coding skills (Python preferred) applied to problem-solving, data analysis, and the automation of security tasks and workflows
• Experience designing, implementing, and maturing security monitoring and detection strategies within multi-cloud environments (AWS, GCP, Azure), including expertise in cloud-native security services and log sources
• Demonstrated competence of the full detection engineering lifecycle, from threat modeling and hypothesis generation to rule development, testing, deployment, and continuous refinement using a data-driven approach
• Proven ability to identify and implement impactful automation solutions (e.g., SOAR playbooks, custom scripts) that significantly reduce manual toil, accelerate incident response, and scale security operations
• Experience in operationalizing threat intelligence, translating raw intelligence into actionable detection signatures, and enriching security events for deeper contextual insights
• A passion for mentoring junior analysts and actively contributing to team knowledge sharing through documentation, presentations, or internal training
• A self-starter mentality with a portfolio of independent research, tool development, or contributions to the security community (e.g., blog posts, conference talks, open-source projects)

You can choose the working option that suits you @home, @felx or @office - https://www.hubspot.com/careers/hybrid-work