Senior Security Operations Center Analyst

Shutterfly Career Site

$102K — $154K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in security operations or incident response roles.
  • In-depth knowledge of security tools including EDR, SIEM, IDS/IPS, and DLP solutions.
  • Hands-on experience with detection content development and tuning, particularly with frameworks like MITRE ATT&CK.
  • At least 2 relevant security certifications from a recognized institution.
  • Strong familiarity with multiple operating systems including Linux/Unix, Windows, and Mac.

Responsibilities

  • Monitor and respond to security alerts across various tools and platforms.
  • Conduct thorough investigations and manage incident response from detection to postmortem.
  • Design and maintain detection content with a focus on high-fidelity detection.
  • Collaborate with Red Team to enhance threat detection and response capabilities.
  • Leverage AI technologies to optimize security operations and incident analysis.
  • Partner with engineering teams for consistent tool usage and improved monitoring capabilities.
  • Oversee threat intelligence operations to assess and report on the threat landscape.

Benefits

  • Comprehensive health benefits package.
  • 401K retirement plan with company matching.
  • Opportunity for remote work, depending on location.
  • Access to a variety of employee perks and discounts.
  • Continuous learning and development opportunities.
Full Job Description
Shutterfly is looking for a Sr. Security Operations Center Analyst (Defensive / Blue Team) to become a key member of our Security Operations Center (SOC) to monitor for malicious activity and act on alerts/detections, as well as investigate, respond (contain/triage/mitigate) and threat hunt. This analyst will collaborate with other members of the team to help simplify, streamline, automate and enhance the overall security capabilities of Shutterfly's Security Operations. This role is highly technical and requires advanced skills in intrusion detection, detection engineering, and threat hunting to identify credible risks/adversaries across all Shutterfly's systems. It centers as much on building, testing, and maintaining high-fidelity detections as it does on responding to them. A key to success for this role will be to collaborate with security engineers, developers, and business units to constantly improve the overall security posture at Shutterfly.

How can we apply threat modeling to daily security operations? How can we automate remediation and incorporate human judgement from users at scale? What open-source technology and OSINT can be applied as part of our toolset? If these topics excite you, then this role is for you.

What You'll Do Here:
  • Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS/DLP solutions for detections/incidents and threat hunt for malicious activity. Investigate, contain, triage and mitigate as needed; as well as continuously tune rules to reduce false positives.
  • Provide incident response and be a key point of contact during all incidents; which includes investigation, correlation, triage, response, mitigation, ticketing, documentation and postmortem analyses. Note Shutterfly's analysts are empowered to work an alert from start to finish, including any containment, investigation and mitigative actions needed.
  • Detection Engineering: Design, develop, test, and maintain detection content - treating detections as code where feasible - map detection coverage against a framework such as MITRE ATT&CK, and continuously measure and improve detection fidelity and efficacy over time.
  • Develop, tune, and validate detections across EDR/IDS/IPS/DLP and SIEM solutions to improve detection, reduce noise, add IOAs, and retire low-value rules.
  • Purple Team Collaboration: Partner with the offensive/Red Team as the Blue Team counterpart to produce Purple Team outcomes. Use adversary emulation and Red Team findings to build and validate new detections, close coverage gaps, and drive measurable improvements to detection and response based on those findings.
  • AI-Augmented Operations: Leverage AI and LLM-based technologies to augment analysis and automation across the SOC - accelerating triage and investigation, enriching and correlating alerts, summarizing incidents, and reducing manual toil - while applying sound analyst judgement to validate AI-assisted outputs.
  • Partner with the Information Security Engineering team to ensure thorough, consistent tool usage and coverage, and to mature monitoring and response capabilities. Build security automation workflows, enrichments, and mitigations that integrate across complex systems and tools.
  • Evaluate SOC policies and procedures and recommend updates to management where appropriate.
  • Grow and mature our threat intelligence program - gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment.
  • Enhance our detection capabilities with correlation, situational awareness and intel enrichment.

The Skills You'll Bring:
  • Proficient operator of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, Edge/DNS security, vulnerability scanning, malware analysis tools, networking tool for full packet analysis, data loss prevention (DLP), etc.
  • Hands-on experience developing, tuning, and validating detection content (e.g., SIEM correlation/analytics and EDR detections), and familiarity with a detection framework such as MITRE ATT&CK.
  • 2+ of the following certifications: CEH, CISM, GIAC, GCIH, GCIA, GSLC, GICSP, GSEC, CEH, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, etc.
  • Linux/Unix OS, Windows and Mac administration skills
  • Intimate understanding of technology and be motivated to constantly learn new technologies.
  • Strong ability to learn and research new things, including tools, languages, frameworks, etc.

It's Not Required But It's Nice To Have:
  • Programming/scripting experience (bash, python, PowerShell)
  • Forensics or malware analysis experience

This position will accept applications on an ongoing basis until filled.

The compensation package for this role is based on multiple factors, such as job level, responsibilities, location, and candidate experience. The base pay ranges included below are specific to the locations listed, and may not be applicable to other locations.

California : [$108,500-154,000]

Connecticut and New York: [$108,500-141,000]

Colorado, Illinois, Minnesota and Washington: [$108,500-130,500]

Nevada: [$102,000-141,000]

Maryland and New Jersey: [$117,250-141,000]

Hawaii : [$102,000-122,750]

This position may be eligible for a bonus incentive, health benefits, a 401K program, and other employee perks. More details about our company benefits can be found at https://shutterflyinc.com/benefits/.

This opportunity can be remote, but candidates must reside in a state in which Shutterfly is registered to do business. This includes all US states except District of Columbia, North Dakota, Mississippi, Rhode Island, Vermont, and Wyoming.

This position will accept applications on an ongoing basis until filled.

#SFLYTechnology

Similar Jobs

More Jobs at Shutterfly Career Site

More Information Technology Jobs

Find similar Senior Security Operations Center Analyst jobs: