Analyst Jobs at Figment

As a member of the Figment Security Team, you will work collaboratively with our 3rd party monitoring team to resolve security incidents as well as develop tools to improve incident response workflows. You will also create custom search queries, alerts, reports, and dashboards in the SIEM platform to optimize security effectiveness, define and maintain standard operating procedures and incident response playbooks, perform deep threat hunting analysis and respond to potential security threats, and stay current with threats, vulnerabilities and exploits across the industry.

You will utilize knowledge of security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting, and programming to actively monitor, scan and detect vulnerabilities, risks, exposures and intrusions and effectively translate highly technical information to internal customers in a way that supports CIS and broader Figment goals. You will support fellow security and platform engineers, and application developers with remediation recommendations and validation of corrective actions.

What you'll be doing...

• Document processes, procedures, and workflows for Blue Team operations.
• Schedule and review internal and external network, system, and application vulnerability scans.
• Manage and configure Identity & Access Management systems.
• Provide appropriate access to applications, systems, and data with advanced authentication.
• Create, maintain, and align Information Security policies and standards with industry best practices and business needs in the adoption of cloud services and technologies.
• Familiar with researching cyber adversary TTPs, IOCs, malware and infrastructure.
• Technical understanding of the MITRE ATT&CK Framework and Threat Modeling.
• Prepare strategies to protect high risk blockchain keys that have 100% online requirements.
• Communicate the importance of security to the wider organization in a clear and simple way.
• Develop comprehensive reports and presentations for both technical and executive audiences.
• Develop scripts, tools, or methodologies to enhance Figment’s blue teaming processes.
• Participate in security and platform reviews and audits.

Where you'll be working...

This role will be remote based

What we’re looking for...

You’ll need to have:

• Associate’s degree or two or more years of work experience
• Strong technical understanding of a variety of endpoint operating systems
• Strong knowledge of tools used for Blue Team operations including SIEM, endpoint protection, network detection, vulnerability scanning, cloud security, forensics and incident response.
• Experience with Identity Access Management (IAM) and/or Privilege Access Mgmt (PAM).
• Experience in Ping Identity or OKTA with account management, application on-boarding and troubleshooting.
• Knowledge of directory servers and LDAP protocol technologies (Active Directory)
• Understanding of security access controls, including Kerberos, Multi-factor authentication, Access Control List, SSH, RDP.
• Experience with SOAR, SIEM, threat intelligence platforms, vulnerability assessment tools, Cloud platforms, EDR, Cyber threats and attack vectors, exploitation methods, IOC and TTP's.
• Experience working with industry standard frameworks such as Cyber Kill-chain, NIST SP-800-53, and D3FEND.
• Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
• Experience with Red, Blue, or Purple teaming exercises.
• Familiarity with Terraform, Ansible, AWS, Azure, Kubernetes and Git.
• Strong technical writing and communication skills

Even better if you have:

• A degree in a technical field.
• Experience in Identity Management solutions (Ping Identity preferred)
• Experience with SIEM technologies (Splunk preferred)
• Working knowledge of Terraform, Ansible, AWS, Azure, GCP. Kubernetes and Git.
• Familiarity with common virtualization technologies like Docker, Kubernetes, and VMs.
• Solid understanding of TCP/IP with the ability to perform protocol-level network analysis.
• Solid understanding of various operating systems such as Windows/Linux/MacOS.
• Industry certifications such as CISSP, PNPT, CRTP, OSCP, AWS Security Specialty, Comptia Security+ or CySA+.
• Solid understanding of public cloud environments including AWS, Azure and GCP.
• Knowledge and understanding of security risks involving Web3, blockchain protocols, and smart contracts.