IT Security and Compliance Analyst

Pleasanton, California, United States

XOPS

XOPS is the first observability and runbook automation platform built for IT Operations to effectively visualize, manage, and automate the complete employee lifecycle.


XperiencOps, Inc. is in search of an IT Security and Compliance Analyst who will be crucial in upholding our ISO 27001:2022 / ISO 27018 / SOC2 Type2 certifications and managing various aspects of our security and compliance framework. This role demands a professional skilled in policy maintenance, security incident documentation, and vendor security assessments, preferably with experience using Vanta for compliance management.

Key Responsibilities

1. Security Architecture & Tooling

  • Design, deploy, and maintain SOC-related technologies, with a particular focus on SIEM and IDS.
  • Develop and refine security use cases, detection rules, correlation queries, and dashboards in SIEM tools to improve threat detection and response capabilities.
  • Optimize IDS solutions to monitor and detect threats in cloud-native environments, ensuring clear and actionable alerts for the SOC.

2. SOC Operations & Threat Monitoring

  • Optimize threat detection and incident response strategies using SIEM analytics and IDS findings.
  • Monitor and analyze logs, alerts, network traffic, and telemetry for Indicators of Compromise (IOCs) to rapidly identify and respond to potential threats across endpoints and cloud environments.
  • Develop and implement tuning and filtering strategies to reduce false positives and improve the fidelity of alerts generated by SIEM and IDS tools.

3. Incident Response & Forensics

  • Lead technical investigations of security incidents from identification through resolution, leveraging SIEM and IDS insights.
  • Perform root-cause analysis, gather forensic artifacts, and implement long-term preventive measures in alignment with security best practices.
  • Document incident response procedures, lessons learned, and recommendations to enhance readiness and maturity of the SOC.

4. Vulnerability Management

  • Assist in the identification, analysis, and remediation of vulnerabilities, working closely with vulnerability scanning and patch management tools.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, or related field, with professional certifications in ISO 27001/27018, CRISC, or CISM being advantageous.
  • Demonstrable experience in IT security and compliance, with a strong understanding of ISO certification requirements and security incident management.
  • Familiarity with compliance management tools, preferably Vanta, and experience in conducting vendor security assessments.
  • Detail-oriented with strong analytical skills, capable of managing multiple priorities in a fast-paced environment.
  • Effective communication skills, both written and verbal, with the ability to convey complex security and compliance information clearly.

Location

  • This is a full-time, onsite position based in our Pleasanton, CA office. The successful candidate will be required to report to the office 5 days a week.

Benefits

  • Competitive salary with comprehensive benefits.
  • An engaging role in a dynamic and growing company with opportunities for professional development and growth.
  • A collaborative work environment where your contributions to IT security and compliance are highly valued.


Tags: Analytics CISM Cloud Compliance CRISC Forensics IDS Incident response ISO 27001 Monitoring Security assessment SIEM SOC SOC 2 Threat detection Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay

Region: North America
Country: United States
