Lead Security Triage Analyst

Snowflake, Pune

Job Description

Build the future of the AI Data Cloud. Join the Snowflake team.

AS A LEAD SOC ANALYST AT SNOWFLAKE, YOU WILL:

  • Be the service owner of security triage in India through:
      • Hiring, coaching, training, and supervising Triage Analysts.
      • Performing quality assurance checks on their alerts.
      • Maturing the security triage process.
  • Work with other security teams to take on more triage tasks.
  • Be part of a global team and learn from the industry's best-in-class experts.
  • Serve as the front-line of our Incident Response Team.
  • Triage security alerts and take remediation or escalation actions.
  • Develop and maintain response playbooks and work instructions.
  • Develop and lead meaningful automation initiatives.
  • Hone your technical and analytical skills while gaining invaluable experience.

OUR IDEAL LEAD SOC ANALYST WILL HAVE:

  • Bachelor's or Master's degree in Information Security or equivalent discipline.
  • 5+ years on a Global SOC, Incident Response Team, or in a similar role.
  • Demonstrated experience mentoring and teaching junior security analysts.
  • Schedule flexibility to meet with counterparts in other regions.
  • Strong communication and collaboration skills, comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership.
  • Knowledge of Industry Standard Security Frameworks/Processes:
      • MITRE ATT&CK®
      • NIST/SANS Incident Response Plan
      • Cyber Kill Chain®
  • Experience working with a low-code / no-code automation or SOAR platform.
  • Experience using investigative tools such as EDR, DLP, SIEM and querying across large datasets.
  • Be proficient in analyzing email metadata and identifying spoofing and phishing attempts.
  • Knowledge of Cloud Computing & Infrastructure. Examples include:
      • Experience configuring and investigating: Virtual Machines, Web Servers, Load Balancers, Reverse Proxies, Firewalls, etc.
      • Can explain the benefits of serverless computing (e.g., AWS Lambda).
      • Investigative experience with one or more of the top three cloud providers (AWS, Azure, GCP).
      • Infrastructure as Code
  • Knowledge of networking and web protocols (TCP/IP, Subnetting, VLAN, NAT, DNS, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
  • Technical knowledge of operating systems (Windows, Linux, Mac). Be able to analyze system logs and other data sources to identify potential security incidents.

BONUS POINTS FOR EXPERIENCE WITH THE FOLLOWING:

  • Prior experience using Snowflake.
  • Knowledge of SQL.
  • Programming languages (Python, Go, etc).
  • Regular expressions.
  • Infrastructure as Code.
  • CI/CD processes.
  • Cloud & security certifications (Examples: AWS Certified Solutions Architect, Security+, GCIH)
  • Containerization.

Snowflake is growing fast, and we're scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?
