Snowflake

Security Triage Analyst II

full-time

Location: 🇺🇸 United States, California

Salary

💰 $141,000 - $205,800 per year

Job Level

Junior / Mid-Level

Tech Stack

AWS, Azure, Cloud, DNS, Google Cloud Platform, Linux, MacOS, SQL, TCP/IP

About the role

  • Serve as the front-line of our global Incident Response Team
  • Triage security alerts for insider threats, product security incidents, and traditional security events
  • Determine the scope and impact of incidents from various alerting systems that monitor corporate IT and production environments, while staying within SLAs
  • Escalate validated threats or take remediation actions
  • Contribute to and follow incident response playbooks and runbooks
  • Provide incident support during major security incidents
  • Hone technical and analytical skills while gaining experience working with a global team and learning from industry experts

Requirements

  • 2+ years on a Global Security Operations or Incident Response team, or in a similar role
  • A Bachelor's or Master's degree in Information Security or an equivalent discipline
  • Location: Pacific Time Zone
  • Experience analyzing phishing reports, including email headers, URLs, and dynamic and static file analysis
  • Ability to analyze host logs (Windows, Linux, MacOS) and identify abnormal patterns (processes from non-standard folders, bypass attempts, unusual network connections/requests)
  • Experience with one or more of the top three cloud providers (AWS, Azure, GCP)
  • Experience with console audit log investigations (e.g., CloudTrail)
  • Strong understanding of networking fundamentals (TCP/IP, HTTP, DNS, Subnetting, VLAN, NAT) and basic network and system forensic principles
  • Experience with the Linux CLI, including navigating the OS, executing basic commands, and interacting with logs and directories
  • Knowledge of important files and directories (e.g., /etc/shadow, /var/log/) and user/file permissions
  • Ability to read, write, and modify SQL queries
  • Proven understanding of fundamentals of object-oriented programming
  • Basic understanding of containerization and experience running a Dockerized application
  • Experience using security tools/platforms such as Snowflake, CrowdStrike, GitHub, GitLab, Sublime, Google Workspace Admin logs, Obsidian Security, Code42, Tines, GitGuardian
  • Team-first, no-ego mindset; excellent written and verbal communication skills; self-starter with ownership and curiosity
  • Willingness to participate in an on-call rotation (roughly once per quarter)
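The host-log requirement above asks for spotting processes launched from non-standard folders and unusual network connections. The following is an added example of that triage logic, not code from Snowflake or from this posting; it runs over a few constructed Linux execution events (hostnames, paths and addresses are invented) and flags the two patterns plus the common "system-name masquerade" variant, where an implant borrows a daemon or kernel-thread name. The directory lists and the expected egress ports are assumptions for a typical Linux host and would be tuned per environment.

```python
"""Triage constructed Linux process/egress events for non-standard execution paths
and unusual outbound connections. Added example; all data below is constructed."""
import os
from ipaddress import ip_address, ip_network

# Assumption: where legitimately installed binaries live on a typical Debian/RHEL host.
STANDARD_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/", "/usr/local/bin/",
                 "/usr/local/sbin/", "/usr/lib/", "/usr/libexec/", "/opt/")
# World-writable staging locations that droppers commonly execute from.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Daemon / kernel-thread names that implants borrow to blend into `ps` output.
SYSTEM_NAMES = {"kworker", "kthreadd", "sshd", "cron", "systemd"}
# RFC 1918 ranges; checked explicitly rather than via is_private, which also
# treats documentation ranges such as 203.0.113.0/24 as non-global.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: ports on which outbound traffic to the internet is expected.
EXPECTED_EGRESS_PORTS = {80, 443}

# Constructed sample telemetry (not real data): one execution event per dict,
# "dst" is the first outbound connection seen from that process, if any.
SAMPLE_EVENTS = [
    {"host": "web01", "user": "www-data", "exe": "/usr/sbin/nginx", "dst": "10.0.1.5:5432"},
    {"host": "web01", "user": "www-data", "exe": "/tmp/.x/kworker", "dst": "203.0.113.7:4444"},
    {"host": "db01", "user": "postgres", "exe": "/usr/lib/postgresql/14/bin/postgres", "dst": None},
    {"host": "dev02", "user": "alice", "exe": "/home/alice/.cache/update", "dst": "198.51.100.9:443"},
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside an RFC 1918 range."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def classify(event: dict) -> list[str]:
    """Return the list of reasons an event is suspicious (empty list = benign)."""
    reasons = []
    exe = event["exe"]
    in_standard = exe.startswith(STANDARD_DIRS)

    if exe.startswith(SCRATCH_DIRS):
        reasons.append("exec from world-writable scratch dir")
    elif not in_standard:
        reasons.append("exec from non-standard dir")
    if os.path.basename(exe) in SYSTEM_NAMES and not in_standard:
        reasons.append("system-name masquerade")

    dst = event.get("dst")
    if dst:
        ip, port = dst.rsplit(":", 1)
        if not is_internal(ip):
            if int(port) not in EXPECTED_EGRESS_PORTS:
                reasons.append(f"external egress on unexpected port {port}")
            if not in_standard:
                reasons.append("external egress from non-standard binary")
    return reasons


def triage(events: list[dict]) -> list[dict]:
    """Run classify() over a batch and keep only events with at least one reason."""
    findings = []
    for event in events:
        reasons = classify(event)
        if reasons:
            findings.append({"host": event["host"], "user": event["user"],
                             "exe": event["exe"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']} {f['exe']}: " + "; ".join(f["reasons"]))
```

On the constructed sample, the nginx and postgres events produce no findings, the `/tmp/.x/kworker` event trips all four checks, and the binary in alice's home directory is flagged for its path and for talking to an external host even though it uses port 443. The reason list, rather than a single boolean, is what lets an analyst rank what to look at first within the SLA.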