Product Security Analyst III

Position Summary

By joining ExtraHop as a Product Security Analyst, you’ll directly contribute to strengthening the security posture and ensuring the secure operation of ExtraHop’s market-leading cyber security products. This is an opportunity to collaborate with top-tier professionals, to learn and innovate, and grow your skills in cyber, cloud and product security.

You will play a key role in defining and running security operations, including security monitoring, incident response and vulnerability mitigation. Collaborating across teams and supporting ExtraHop’s production cloud service offering, your work will have a direct impact on the success of the company and your fellow colleagues.

We are looking for candidates with prior cyber security operations and incident response experience and who have a good foundational understanding of web applications, public cloud infrastructure, Linux systems, and container technologies. 

Key Responsibilities

• Work with security information & event management (SIEM), endpoint detection & response (EDR), network detection & response (NDR) tooling and other systems to perform security investigations
• Operate and improve SIEM, EDR, NDR and others tools; implement, evaluate and tune detection rules
• Implement tools and scripts to automate monitoring and response activities
• Perform and/or lead security incident response activities
• Perform threat hunting activities to proactively assess system activity and search for indicators of compromise
• Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
• Contribute to vulnerability detection and response pipelines, including tools, reporting and tracking 
• Triage vulnerabilities; recommend and coordinate remediation actions 
• Collaborate with Product Security team members to contribute to standards, policies, procedures, documentation, and training 
• Other duties as assigned

Required Qualifications

• 4+ years of experience in cyber security or closely related roles
• 2+ years of which should be hands-on experience specifically fulfilling security monitoring, threat hunting and incident response duties
• Bachelor's degree or equivalent experience in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field
• Direct experience with a modern SIEM platform, including creating dashboards and searches, tuning detections, and responding to alerts
• Direct experience with server endpoint detection & response (EDR)
• Technical knowledge of Linux systems, web application security and cloud security, including security principles and best practices for cloud-based environments
• Proficient with security tools, including vulnerability scanners, ticketing systems
• Proficient with developing and refining Python code to integrate systems and automate response tasks
• Strong analytical skills to effectively manage and resolve security issues
• Proven ability to communicate complex security concepts
• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
• Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each

Preferred Qualifications

• Direct experience with Splunk Enterprise Security, Crowdstrike Falcon, and ExtraHop RevealX NDR
• Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), and common compute services and data stores
• Experience working with container-based environments (Kubernetes, Docker, etc.)
• Holds one or more security certifications

The salary range for this role is $135,000 - $149,000 + bonus + benefits