DigitalOcean
1d ago
Indeed

SOC Analyst II

Bengaluru, Karnataka
Full Time
Mid Level

Full Job Description

Position Overview:

We are seeking an autonomous and proficient Security Analyst with a passion for Cybersecurity, Fraud, and Abuse. As a Security Analyst at DigitalOcean, you will join a dynamic 24/7/365 team focused on identifying, investigating, and preventing fraudulent activities against DigitalOcean's platform.

What You'll Do:

  • Actively monitor SIEM and internal dashboards for security events, fraudulent sign-ups, and platform abuses.
  • Investigate, identify, and prevent or mitigate abusive activities such as intrusion attempts, DDoS, malware distribution, and phishing attacks originating from or targeting the DigitalOcean Platform.
  • Leverage industry-standard security technologies including SIEM, EDR, and other monitoring tools to detect, investigate, and respond to security alerts.
  • Perform basic analysis of malicious scripts or binaries found on the platform to understand threat actor intent.
  • Conduct comprehensive analysis by correlating multi-source telemetry to map adversary TTPs, determine incident scope, and assess overall impact.
  • Conduct proactive threat hunts to detect and eliminate security threats.
  • Identify trends in abuse and threat vectors, communicate findings to leadership regarding extent and impact, and advocate for appropriate product changes to prevent future occurrences.
  • Work within a ticket management system to achieve specific daily operational targets with quality resolutions.
  • Vet abuse claims, respond to reporters, and assist customers in regaining access to the platform.
  • Develop engineering approaches for gathering security data, transforming it into actionable insights, and collaborating with technical teams to resolve threats.
  • Optimize processes to reduce false positives while effectively preventing malicious actors.
  • Escalate security incidents to Senior Analysts or DFIR teams for deeper analysis and remediation as needed.
  • Develop a thorough understanding of DigitalOcean's entire production environment, from applications to infrastructure, staying updated on material changes and future directions.
  • Build strong collaborative relationships with other technical teams across our engineering and infrastructure functions.

Key Responsibilities:

  • Security Operations Monitoring: Investigate and analyze detections from a diverse set of security tools within a high-availability, 24/7/365 operational environment to ensure proactive threat detection and continuous protection.
  • Incident Response: Conduct thorough investigations of detections, evaluate the scope of attacks, identify affected systems, and determine necessary steps for further analysis.
  • Threat Intelligence and Awareness: Stay informed on emerging and existing threats by analyzing attacker tactics, techniques, and procedures, and reviewing security event reports to proactively strengthen defenses.
  • Abuse Operations: Respond to abuse reports and engage with customers to help them resolve system compromises and secure their exposed services.

What You'll Add to DigitalOcean:

  • Bachelor's Degree or equivalent experience with 2 or more years of experience in Security Operations.
  • Knowledge of Security Information & Event Management (SIEM).
  • Knowledge of Security Operations Center (SOC) principles and practices.
  • Understanding of TCP/IP concepts, application protocols, and experience working with Unix/Linux.
  • Intellectual curiosity and self-motivation to perform complex tasks.
  • Clear written and verbal communication skills, including technical writing and presentation abilities.
  • Commitment to consistently improving security as the platform scales, driving continuous improvement through data collection and correlation, understanding that security should enable business efficiency rather than hinder it.
  • Bonus: Ability to code, script, or automate classes of problems (e.g., Python, Bash, Go, Ruby).

This is a hybrid role based in Bengaluru, India.

Company

DigitalOcean

DigitalOcean is a vibrant community-driven cloud platform, empowering developers and businesses to build and scale their applications. We are dedicated to creating the simplest cloud infrastructure, f...

Bengaluru, Karnataka
Posted on Indeed