Security Operations Analyst

About Attio

Attio is on a mission to redefine CRM for the AI era. We’re building the first AI-native CRM — designed for the most ambitious go-to-market teams. We recently announced our $52M Series B, led by GV (Google Ventures), with support from Redpoint, Balderton, Point Nine, and 01A. Our team thrives on solving complex technical challenges, delighting our users, and setting a new standard for the industry.

About The Role

The Security Operations Analyst is a mission-critical role within the Security, Infrastructure and Performance team, directly responsible for maintaining a vigilant and robust security posture for the entire organisation. This position focuses on the real-time protection of all organisational assets, infrastructure, and data.

The role requires a deep understanding of security frameworks, network protocols and adversarial tactics, techniques, and procedures (TTPs). The Analyst is the frontline defender, dedicated to ensuring business continuity and protecting the confidentiality, integrity, and availability of all critical resources.

Core Responsibilities and Duties

• Security Monitoring, Triage & Improvement: Rapidly detect and prioritise active threats and vulnerabilities through continuous monitoring (SIEM, EDR, Cloud), ensuring that insights from root cause analysis and proactive threat hunting are directly fed back into the engineering process and used refine detection capabilities.
• Incident Response: Serve as the initial responder to security events. Rapidly analyse, classify, and prioritise reported or detected security incidents, determining the scope, severity, and potential impact to the platform.
• Compliance: Enforce the compliance with internal security policies and regulatory requirements maintaining meticulous records of all detected security events, analysis findings, and incident response activities.

Competencies and Skills

Security Information and Event Management (SIEM) Platform Expertise:

• Must have: Hands-on experience in the operation, administration, and ongoing maintenance of a major SIEM platform.
• Desirable: Experience with Google SecOps (formerly Chronicle), including advanced knowledge of data ingestion, rule creation, dashboard development, and optimisation for performance and cost-effectiveness. The ability to leverage the platform for proactive threat hunting and complex query construction is expected.
• Desirable: Proficiency in Google SecOps (formerly Chronicle) SOAR (security orchestration, automation, and response) tooling. This includes developing SOAR actions and workflows to automate alert triage, immediate incident mitigation, and response procedures.

Security Incident Response:

• Must have: Proven experience in the end-to-end development, documentation, and execution of comprehensive security incident response playbooks and procedures.
• Must have: Practical experience in incident triage, containment, eradication, recovery, and post-mortem analysis for a wide range of security events (e.g., malware outbreaks, unauthorised access, data exfiltration, cloud compromises).
• Desirable: The ability to lead and coordinate incident response efforts across cross-functional teams under pressure is crucial.

Security Log and Network Analysis:

• Must have: Deep expertise in the analysis of security logs from diverse sources (e.g., operating systems, firewalls, endpoint protection, cloud environments) to identify anomalies, indicators of compromise (IOCs), and root causes of incidents.
• Must have: Expert-level knowledge of common attack vectors, attacker methodologies (e.g., MITRE ATT&CK framework), and techniques, tactics, and procedures (TTPs) used by various threat actors.
• Desirable: Comprehensive understanding of network protocols (e.g., TCP/IP, DNS, HTTP/S) and their associated traffic patterns to effectively detect malicious activity and understand its propagation.

Vulnerability Management:

• Must have: Solid familiarity with industry-standard vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7, Trivy).
• Desirable: Experience managing a vulnerability disclosure or bug bounty program. Testing disclosed vulnerabilities and working with external security researchers.
• Desirable: Experience in establishing, running, and managing a continuous vulnerability management lifecycle, including scanning, reporting, prioritisation, and tracking of remediation efforts in coordination with engineering and system owner teams.

Key skills/competency

• Security Operations
• SIEM (Security Information and Event Management)
• Incident Response
• Vulnerability Management
• Threat Hunting
• Cloud Security
• Network Protocols
• MITRE ATT&CK
• Log Analysis
• Security Compliance