[Remote] Senior Security Analyst

Remote · USA · Full-time

Note: This is a remote position open to candidates in the USA. Flock is a company dedicated to building technology that reduces crime and protects privacy. They are seeking a Senior Security Analyst to enhance their Security Operations, focusing on data protection and incident response in a rapidly scaling cloud infrastructure.

Responsibilities

  • Lead deep-dive investigations into complex security incidents escalated from Tier 1, utilizing SIEM, EDR, and Cloud telemetry to determine scope and impact
  • Execute immediate containment strategies (e.g., host isolation, account resets, firewall blocks) and coordinate with IT and Engineering teams for full-system remediation across multiple operating systems (Windows, macOS, Linux)
  • Author comprehensive After Action Reports (AARs) that identify root causes and provide actionable recommendations to senior Cybersecurity leadership to prevent recurrence
  • Mentor junior analysts and conduct security awareness sessions across the company
  • Deep technical expertise in cloud security services across a multi-cloud environment – solid understanding of cloud-native security logging and identity management, as well as experience in responding to cloud infrastructure security alerts (compute, containers, serverless, networking)
  • Extensive experience building and tuning high-fidelity alerts in modern SIEMs (e.g., Panther, Snowflake, or Splunk) and EDR platforms (e.g., SentinelOne, CrowdStrike)
  • Strong proficiency in Python or Go to build "security-as-code" tools, automate repetitive SOC tasks, and integrate disparate security APIs
  • Forge partnerships across Cybersecurity, Engineering, and Product teams to help coordinate actions as part of responding to security events, from exercise-driven scenarios to real-world events
  • You don't wait for a ticket to fix a gap; you identify the risk, propose the solution, and drive it to completion
  • Build a deep understanding of Flock’s technology stack (hardware and cloud), our threat landscape, and existing incident response playbooks
  • Identify and implement at least two major automation improvements to our current alerting pipeline to reduce "alert fatigue."
  • Conduct a gap analysis of our current logging and visibility across our enterprise, cloud, and product environments
  • Begin participating in on-call rotation and assist with alert triage efforts
  • Review current process for alert triage and suggest improvements
  • Own a major component of our security roadmap (e.g., implementing a new Zero Trust architecture or maturing our SOAR capabilities)
  • Own the maturation of security playbooks ensuring proper documentation across all areas of incident response

Skills

  • Over 5 years of experience in Security Operations or Incident Response
  • Advanced Incident Investigation: Lead deep-dive investigations into complex security incidents escalated from Tier 1, utilizing SIEM, EDR, and Cloud telemetry to determine scope and impact
  • Containment & Remediation: Execute immediate containment strategies (e.g., host isolation, account resets, firewall blocks) and coordinate with IT and Engineering teams for full-system remediation across multiple operating systems (Windows, macOS, Linux)
  • Post-Incident Analysis: Author comprehensive After Action Reports (AARs) that identify root causes and provide actionable recommendations to senior Cybersecurity leadership to prevent recurrence
  • Mentorship: A passion for raising the bar for the entire team by mentoring junior analysts and conducting security awareness sessions across the company
  • Deep technical expertise in cloud security services across a multi-cloud environment – solid understanding of cloud-native security logging and identity management, as well as experience in responding to cloud infrastructure security alerts (compute, containers, serverless, networking)
  • Extensive experience building and tuning high-fidelity alerts in modern SIEMs (e.g., Panther, Snowflake, or Splunk) and EDR platforms (e.g., SentinelOne, CrowdStrike)
  • Strong proficiency in Python or Go to build 'security-as-code' tools, automate repetitive SOC tasks, and integrate disparate security APIs
  • DFIR across Android IoT devices, or OT systems and networks
  • Forge partnerships across Cybersecurity, Engineering, and Product teams to help coordinate actions as part of responding to security events, from exercise-driven scenarios to real-world events
  • 'Own It' Mindset: You don't wait for a ticket to fix a gap; you identify the risk, propose the solution, and drive it to completion

Benefits

  • Use what you need PTO: We seriously mean it, plus 11 company holidays and your birthday off!
  • Fully-paid [health benefits](https://drive.google.com/file/d/1W8o-fLMVCOWL9pYFAVSMsSTaJAA9Vm_J/view) plan for employees: including Medical, Dental, and Vision and an HSA match.
  • Family Leave: All employees receive 12 weeks of 100% paid parental leave. Birthing parents are eligible for an additional 6-8 weeks of physical recovery time.
  • Fertility & Family Benefits: We have partnered with [Maven](https://www.mavenclinic.com/), a complete digital health benefit for starting and raising a family. We will reimburse $10,000 a year for adoption, surrogacy, or fertility.
  • Caregiver Support: We have partnered with [Cariloop](https://www.cariloop.com/) to provide our employees with caregiver support
  • Spring Health: Spring Health offers a variety of mental health benefits, including therapy, coaching, medication management, and digital tools, all tailored to each individual's needs.
  • Carta Tax Advisor: Employees receive 1:1 sessions with Equity Tax Advisors who can address individual grants, model tax scenarios, and answer general questions.
  • WFH Stipend: $150 per month to cover the costs of working from home.
  • Productivity Stipend: $250 per year to use on Audible, Calm, Masterclass, Duolingo, Grammarly and so much more.
  • Home Office Stipend: A one-time $750 to help you create your dream office.

Company Overview

  • Flock Safety is the leading public safety platform designed to help communities prevent and reduce crime, not just respond to it. It was founded in 2017, and is headquartered in Atlanta, Georgia, USA, with a workforce of 1001-5000 employees. Its website is https://www.flocksafety.com.

Company H1B Sponsorship

  • Flock has a track record of offering H1B sponsorships, with 1 in 2024, 2 in 2022, 2 in 2021. Please note that this does not guarantee sponsorship for this specific role.