At Shutterfly, we make life's experiences unforgettable. We believe there is extraordinary power in the self-expression. That's why our family of brands helps customers create products and capture moments that reflect who they uniquely are.
Shutterfly is looking for a Sr. Security Operations Center Analyst (Defensive / Blue Team) to become a key member of our Security Operations Center (SOC) to monitor for malicious activity and act on alerts/detections, as well as investigate, respond (contain/triage/mitigate) and threat hunt. This analyst will collaborate with other members of the team to help simplify, streamline, automate and enhance the overall security capabilities of Shutterfly's Security Operations. This role is highly technical and requires advanced skills in intrusion detection, detection engineering, and threat hunting to identify credible risks/adversaries across all Shutterfly's systems. It centers as much on building, testing, and maintaining high-fidelity detections as it does on responding to them. A key to success for this role will be to collaborate with security engineers, developers, and business units to constantly improve the overall security posture at Shutterfly.
How can we apply threat modeling to daily security operations? How can we automate remediation and incorporate human judgement from users at scale? What open-source technology and OSINT can be applied as part of our toolset? If these topics excite you, then this role is for you.
What You'll Do Here:
- Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS/DLP solutions for detections/incidents and threat hunt for malicious activity. Investigate, contain, triage and mitigate as needed; as well as continuously tune rules to reduce false positives.
-
Provide incident response and be a key point of contact during all incidents; which includes investigation, correlation, triage, response, mitigation, ticketing, documentation and postmortem analyses. Note Shutterfly's analysts are empowered to work an alert from start to finish, including any containment, investigation and mitigative actions needed.
-
Detection Engineering: Design, develop, test, and maintain detection content - treating detections as code where feasible - map detection coverage against a framework such as MITRE ATT&CK, and continuously measure and improve detection fidelity and efficacy over time.
-
Develop, tune, and validate detections across EDR/IDS/IPS/DLP and SIEM solutions to improve detection, reduce noise, add IOAs, and retire low-value rules.
-
Purple Team Collaboration: Partner with the offensive/Red Team as the Blue Team counterpart to produce Purple Team outcomes. Use adversary emulation and Red Team findings to build and validate new detections, close coverage gaps, and drive measurable improvements to detection and response based on those findings.
-
AI-Augmented Operations: Leverage AI and LLM-based technologies to augment analysis and automation across the SOC - accelerating triage and investigation, enriching and correlating alerts, summarizing incidents, and reducing manual toil - while applying sound analyst judgement to validate AI-assisted outputs.
-
Partner with the Information Security Engineering team to ensure thorough, consistent tool usage and coverage, and to mature monitoring and response capabilities. Build security automation workflows, enrichments, and mitigations that integrate across complex systems and tools.
-
Evaluate SOC policies and procedures and recommend updates to management where appropriate.
-
Grow and mature our threat intelligence program - gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment.
-
Enhance our detection capabilities with correlation, situational awareness and intel enrichment.
The Skills You'll Bring:
- Proficient operator of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, Edge/DNS security, vulnerability scanning, malware analysis tools, networking tool for full packet analysis, data loss prevention (DLP), etc.
-
Hands-on experience developing, tuning, and validating detection content (e.g., SIEM correlation/analytics and EDR detections), and familiarity with a detection framework such as MITRE ATT&CK.
-
2+ of the following certifications: CEH, CISM, GIAC, GCIH, GCIA, GSLC, GICSP, GSEC, CEH, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, etc.
-
Linux/Unix OS, Windows and Mac administration skills
-
Intimate understanding of technology and be motivated to constantly learn new technologies.
-
Strong ability to learn and research new things, including tools, languages, frameworks, etc.
It's Not Required But It's Nice To Have:
-
Programming/scripting experience (bash, python, PowerShell)
-
Forensics or malware analysis experience
Supporting a diverse and inclusive workforce is important to Shutterfly not only because it directly reflects our value of Embracing our Differences, but also because it's the right thing to do for our business and for our people. We welcome all applicants and evaluate them based on their qualifications. Learn more about our commitment to Diversity, Equity, and Inclusion on our Career Site.
This position will accept applications on an ongoing basis until filled.
The compensation package for this role is based on multiple factors, such as job level, responsibilities, location, and candidate experience. The base pay ranges included below are specific to the locations listed, and may not be applicable to other locations.
California : [$108,500-154,000]
Connecticut and New York: [$108,500-141,000]
Colorado, Illinois, Minnesota and Washington: [$108,500-130,500]
Nevada: [$102,000-141,000]
Maryland and New Jersey: [$117,250-141,000]
Hawaii : [$102,000-122,750]
This position may be eligible for a bonus incentive, health benefits, a 401K program, and other employee perks. More details about our company benefits can be found at https://shutterflyinc.com/benefits/.
This opportunity can be remote, but candidates must reside in a state in which Shutterfly is registered to do business. This includes all US states except District of Columbia, North Dakota, Mississippi, Rhode Island, Vermont, and Wyoming.
This position will accept applications on an ongoing basis until filled.
#SFLYTechnology