Join Vultr

The Cybersecurity Operations team is a central pillar of our growth strategy, and we are looking for a Senior Intrusion Detection Analyst to help lead the aggregation of ingested data into automated workflows toward incident detection and response management.

You’ll be an SME on logging solutions, incident & event monitoring, threat hunting, DQLs, and task optimization toward alerting. The ideal candidate is a self-driven remote professional with the passion and determination to proactively thwart cyber attacks in daily operations. Our team’s mission is to support Vultr operations by identifying, assessing, communicating, and rectifying threats across the organization. We believe that operational security is at the forefront of a thriving enterprise and are eager to expand our blue-team operations at Vultr, toward the enhancement of our security posture, as a global Cloud Service Provider.

What to expect:

• You will provide oversight as well as performing Intrusion Detection Monitoring and Incident Management Daily Operations and Maintenance Services through the application of the intrusion detection monitoring and incident management tools and processes
• You will also be an escalation point for junior analysts as unauthorized, malicious, or anomalous activity is identified
• The senior analyst will assume a lead role on the team performing technical hands-on duties and providing oversight in the following areas:
• Review audit data, e-mail spam, and network traffic data for irregularities or other indications of real or potential security violations
• Correlate and analyze security data and events from alert and traffic flow systems
• Identify potential distributed, long-term, coordinated, low-visibility network-based attacks
• Identify potential advanced persistent and coordinated threats across multiple platforms
• Perform tuning and optimization tasks to include sensor rule review and log aggregation/visibility
• Develop/enhance existing intrusion detection analytics/dashboards/signatures to remain commensurate with evolving cyber threat
• Investigate all security-related events and incidents involving information systems
• Create, proofread, and submit formal after actions reports (AAR) on classified security events.

Our ideal candidate will have:

• BS Degree with 6+ years of relevant experience, an MS with 4+ years, or 8+ years of experience in lieu of a degree
• Professional experience using centralized logging solutions (SumoLogic, Splunk, Grafana, etc.)
• Willingness to perform DQL exercise to show proof of proficiency or provide a PoC
• Expert understanding of API host collection, data source correlation, and secure collector maintenance
• Must have a strong foundation working between both on-premise and cloud servers via command
• Professional experience working with information security frameworks, including NIST, ISO 27001/2, SOC2, GDPR, PCI-DSS, & CIS.

Compensation

$100,000 - $115,000

This salary can vary based on location, years of experience, background and skill set.