Senior Security Operations Analyst

Job not on LinkedIn

November 11

Apply Now

Receive Emails with Similar Jobs

Extend

WebsiteLinkedInAll Job Openings

eCommerce • API • B2B

Extend is a company that helps merchants generate revenue and protect their customers through modern product and shipping protection solutions. They offer protection plans from product failure and accidental damage to shipping issues like porch pirates and damaged deliveries. Extend provides a platform that is easy to integrate with eCommerce platforms like Shopify and BigCommerce. This enables merchants to easily offer protection plans and manage claims, with most being resolved in 90 seconds or less. The company focuses on improving profit margins and enhancing the customer experience by offering easy claim filing and turning customers into long-term advocates.

201 - 500 employees

🛍️ eCommerce

🔌 API

🤝 B2B

📋 Description

• Serve as a core member of Security Operations, monitoring and triaging alerts from platforms such as SentinelOne and Wiz. Perform end-to-end investigations to identify, contain, and remediate threats and incidents, driving timely, appropriate response. • Proactively identify and assess vulnerabilities in infrastructure and code, working with development and other cross functional teams to address issues. • Contribute to the end-to-end detection lifecycle: model attacker behaviors (MITRE ATT&CK), write and test detections as code across security programs and tooling (SentinelOne, Wiz, Okta, AWS CloudTrail), and continuously enrich to reduce false positives and improve MTTD. Support data quality and telemetry onboarding, maintain response playbooks, and provide threat validation assistance across the business. • Assist teams with the application of secure configuration baselines and best practices in accordance with CIS Benchmarks, NIST, vendor hardening guides, and applicable compliance standards across all company computing assets. • Correlate endpoint and infrastructure telemetry to identify emerging threats. Curate and operationalize intelligence (IOCs, TTPs) into detections and response playbooks, and maintain vetted intelligence feeds. • Assist GRC initiatives by mapping controls to internal policies and frameworks (e.g., SOC 2, NIST CSF, NYC DFS 500), identifying gaps, supporting audits and evidence collection, tracking remediation, and maintaining policies and control documentation. • Work with engineering and business teams to champion security best practices, communicate risks to accountable owners, and assist with mitigation planning and execution.

🎯 Requirements

• 3+ years experience in a Security Analyst / Security Operations role • 3+ years experience with AWS CloudFormation, or other infrastructure-as-code systems (like Terraform) • 3+ years experience or certification in AWS serverless technologies (API Gateway, Lambda, S3, DynamoDB) • Certifications (one or more preferred): CISSP, CCSP, GIAC (GCIH/GCIA/GMON/GCED/GCFA/GREM), cloud security (AWS or cloud agnostic security specialty) or equivalent experience. • Proficiency with hands on management and use of SIEM, CNAPP, EDR, Vulnerability Management tooling, and Detection Engineering strategies. • Proficiency with AI technologies and the corresponding threat landscape and strategies for mitigation. Understands agentic workflows such as AWS Bedrock, MCP based workflows (or similar technologies) • Working Knowledge of best practices around security roles and responsibilities for AWS IAM • Experience working with observability services and tooling (including Coralogix, CloudWatch, OpenTelemetry) • Ability to perform in a high energy environment with dynamic job responsibilities and priorities.

🏖️ Benefits

• Competitive salary based on experience, with full medical and dental & vision benefits. • Stock in an early-stage startup growing quickly. • Generous, flexible paid time off policy. • 401(k) with Financial Guidance from Morgan Stanley.