Senior Security Analyst (MDDR Tier III)
The Company: Varonis (Nasdaq: VRNS) is a leader in data security, fighting a different battle than conventional cybersecurity companies. Our cloud-native Data Security Platform continuously discovers and classifies critical data, removes exposures, and detects advanced threats with AI-powered automation.
Thousands of organizations worldwide trust Varonis to defend their data wherever it lives — across SaaS, IaaS, and hybrid cloud environments. Customers use Varonis to automate a wide range of security outcomes, including data security posture management (DSPM), data classification, data access governance (DAG), data detection and response (DDR), data loss prevention (DLP), and insider risk management.
The Role: The Varonis MDDR team is a leader in global data detection and response services. We set the standard for monitoring, protecting, and managing data breach incidents. Our 24/7 global security service supports customers in investigating and responding to security incidents. As a Senior (Level 3) Security Analyst in our MDDR team, you will act as the technical lead and key escalation point for complex security incidents. In this role, you will lead intricate investigations, working directly with customers to assist them in investigating and responding to security incidents.
As a senior team member, you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities. You will collaborate with internal and external stakeholders to ensure best practices are followed across monitoring, detection, digital forensics, and incident response processes. This position requires a strong foundation in cybersecurity operations, a deep understanding of various security solutions commonly deployed in enterprise environments (such as SIEM and XDR), and the ability to train others and develop complex processes and procedures to increase service efficiency.
The Requirements:
- 5+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response) at a global cybersecurity company.
- Strong knowledge of security concepts, such as MITRE ATT&CK, threat intelligence, malware analysis, and log analysis.
- Familiarity with common security tools and technologies, such as XDR/EDR/NGAV, DLP, DSPM, ISPM, ITDR, CWPP, CSPM, PAM, IAM, firewalls, and IDS/IPS.
- Advanced knowledge of SIEM technologies and/or big data analytics solutions for managing activity logs, including log collection, tuning, correlation, and analysis.
- Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
- Strong understanding of authentication protocols, both modern and legacy (Kerberos, NTLM).
- Proven ability to handle escalations from end to end, including incident scoping, identification, containment, eradication, recovery, and post-incident response activities such as documentation of lessons learned.
- Excellent communication skills in English (written and oral) to interface effectively with customers, peers, and leadership.
- Ability and desire to mentor and train less experienced analysts, providing feedback and sharing best practices.
- Strong analytical and problem-solving skills, with an eye for detail and the capability to deliver autonomously.
The Responsibilities:
- Incident Escalations & Investigations
- Serve as an escalation point for security alerts and incidents, ensuring timely and thorough investigations.
- Perform end-to-end incident handling, including incident scoping, identification, containment, eradication, recovery, and post-incident response activities such as documentation of lessons learned.
- Coordinate and communicate with customers, leadership, and other stakeholders throughout the incident response lifecycle.
- Understand, interpret, and analyze a diverse range of log sources.
- Proactively identify potential threats and anomalies, recommending and implementing improvements in detection logic.
- Training & Mentorship
- Assist in training and upskilling junior and mid-level analysts, including sharing best practices in investigations, threat hunting, and emerging threats.
- Provide guidance in troubleshooting escalated issues, ensuring efficient knowledge transfer and professional growth within the team.
- Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
- Provide feedback on gaps or improvements needed in processes, documentation, or technology.
- Work closely with Team Leads and other senior staff to align operational goals, SLA adherence, and service delivery standards.
- Communicate findings, root causes, and recommended actions to both technical and non-technical stakeholders clearly and effectively.
- Share insights and best practices with the broader team, championing a culture of continuous learning.
We invite you to check out our Instagram Page to gain further insight into the Varonis culture!
@VaronisLife
Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics