10 Jul
Senior Security Analyst
Colorado, Boulder

LogRhythm, The Security Intelligence Company, is looking for an experienced security professional with a desire to both impact the most innovative security analytics products in the market and protect the company that builds them. Do you have a passion for finding weaknesses and exploiting them? Do you know how to leverage the tactics, techniques, and procedures of the various threat actors? Do you want the responsibility of ensuring that none of this is ever successfully used on our systems, our products, or our customers? If so, then please apply.

The Security Practitioners at LogRhythm have the latitude to make an impact in a space that is solving serious real world problems. We have all those cultural nuggets that you will find at a growing tech company. Our environment naturally steers towards high performers that relish the opportunity to collaborate with great security professionals committed to pushing the limits when it comes to ethical hacking, active defense and anomaly correlation, where the threat landscape can change on a dime.

Responsibilities
Management of technology, performance of vulnerability assessments and penetration tests, security lifecycle development, and analytics corporate wide.
Establish processes, standards, and procedures in accordance with our vulnerability and patching policies, metrics and reporting.
Work closely with Engineering to ensure the security of LogRhythm’s product offerings and services. This includes manual and automated code review, manual penetration testing, vulnerability scanning, exploit development, reporting, and issue tracking.
Evaluate, triage, prioritize, and respond to vulnerabilities and events within both the product and corporate network.
Partner with others throughout the organization to build security processes into the software development lifecycle.
Develop integrations with automated code review and vulnerability scanning systems into Engineering ticketing and triage infrastructure.
Assist with ongoing security operations tasks – incident response, malware analysis, forensic investigations, threat hunting, and security architecture.
Develop integrations with LogRhythm’s security infrastructure to automate SecOps processes.
Perform risk assessments of new projects and services that will be integrated within LogRhythm’s infrastructure.
Develop and enforce corporate information security policies, standards, and guidelines.

Requirements
Security professional with at least 5 years of hands-on deep technical experience in the industry
Source code review, software security, policy, and penetration testing experience
Excellent communication skills – both written and verbal
Deep understanding of endpoint, application, and network security
Experience with in-depth software exploitation and exploit development methodologies
Experience in web application exploitation – XSS, SQL Injection, CSRF, RCE, etc.
Understanding of SIEM technology and network forensics
Demonstrable experience with one or more of the following:
Python, PowerShell, Bash, PHP, HTML, .NET, C#
Security Certifications are nice to have but not required. A few recommended ones:
OSCE, OSCP, GXPN, GPEN, GWAPT, GREM, GCIH, CISSP, etc.
General understanding of industry standards, compliance, and legal guidelines:
ISO 27001, NIST 800-53, SOC2, SSAE 16, SOX, etc.

LogRhythm is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.


Related jobs