Principal Cloud Security Operations Analyst

Meet Our Team

The Pega Cloud Security Operations Center (CSOC) is a team of information security professionals charged to protect Pega’s commercial cloud assets and offerings. Our mission is to protect Pega Cloud by deterring, detecting, denying, delaying, and defending against internal and external security threats. The CSOC provides detection, monitoring, and incident response services for Pega Cloud.

Picture Yourself At Pega

Pega is a leader in customer engagement and digital process automation offering a commercial SaaS version of our industry-leading platform to our global clients. As a Principal Cloud Security Operations Analyst, you will play a critical role in ensuring the confidentiality, integrity, and availability of Pega's commercial cloud infrastructure and assets. You will be key in the continuous monitoring and protection of all global cloud security operations at Pega as well as a leader during incident response efforts. As a key member of a team consisting of highly capable and talented problem-solving analysts and engineers, you’ll help develop processes that drive proactive, automated detection and incident response tactics to support the quick resolution of cloud security events and incidents.

You will accomplish this by collaborating with cross-functional teams – including other security analysts, threat detection engineers, vulnerability analysts, security engineers, system administrators, and developers – to proactively identify potential security risks and vulnerabilities within our cloud environment. You will leverage your strong analytical skills to assess and prioritize threats, applying your deep knowledge of industry best practices and cloud security frameworks.

As a Principal Cloud Security Operations Analyst at Pega, you’ll contribute to the success of our globally recognized brand. Your efforts will directly impact the security and trust our clients place in us, as we help them transform their business processes and drive meaningful digital experiences. So, picture yourself at Pega, where your expertise in cloud security is valued, and your passion for protecting data is celebrated. Join us in shaping the future of secure cloud operations and make a lasting impact on the world of technology.

What You'll Do At Pega

• Provide oversight for the analyst staff and manage daily operations including security monitoring of Pega Cloud environments and responding to internal security events/requests
• Lead security investigations and incident response activities to identify indicators of compromise (IOCs) and safeguard Pega Cloud and our clients
• Mentor and coach the CSOC analyst staff regarding analysis, investigations, incident response, threat hunting/detection, and other related operational work
• Function as a trusted advisor for the CSOC staff and the larger security organization within Pega’s Technical Services Operations (TSO) branch
• Develop and enhance standard operating procedures (SOPs) and security incident response plans (IRPs) for CSOC analysis and incident response methodologies
• Actively contribute to the feedback loop for our threat detection team in developing high confidence detections focused on use cases for known and emerging threats, based on hypotheses derived from the Pega threat landscape
• Assist in the development of playbooks for use by analysts to investigate both high confidence and anomalous activity
• Work closely with stakeholders to design and implement robust security controls, detection mechanisms, and incident response methodologies ensuring compliance with relevant regulations and standards
  
  

Who You Are

You have an insatiable curiosity with an inborn tenacity for finding creative ways to deter, detect, deny, delay, and defend against bad actors of all shapes and sizes. You have been in the “security trenches” and you know what an efficient security operations center looks like. You have conducted in-depth analyses of various security events/incidents, performed comprehensive incident response efforts, developed new methods for detecting and mitigating badness wherever you see it, and helped build successful security teams. You bring a wealth of cloud security experience to the table and are ready to harness that expertise to dive into cloud-centric, technical analysis and incident response to make Pega Cloud the most secure it can be.

What You've Accomplished

• 2+ years of operational experience working for a large cloud service provider, with solid working knowledge of the applicable threat landscape and attack surface considerations
• 4+ years of operational Splunk usage – primarily for analysis, investigations, and incident response including an in-depth use of Splunk Enterprise Security; creating focused Knowledge Objects such as correlation searches, notable events, dashboards, etc.
• 4+ years of operational AWS usage including knowledge and analysis of CloudTrail, CloudWatch, GuardDuty, Trusted Advisor, and WAF logs.
• Extensive operational experience analyzing security detections, performing investigations, and conducting incident response in multi-cloud (AWS/GCP/Azure) environments – working knowledge of the implications in a microservices architecture (EKS/GKE) is a big plus.
• Solid working knowledge of the MITRE ATT&CK framework and Cyber Kill Chain, and experience developing actionable use cases relevant to the associated TTP's
• A demonstrated working knowledge of cloud architecture, infrastructure, and resources, along with the associated services, threats, and mitigations.
• Working knowledge of GCP including analysis of Cloud Audit, Security Command Center, and WAF logs
• Operational experience with EDR/XDR platforms and related analysis and response techniques
• Solid working knowledge of the Linux OS and common attack methodologies
• Experience developing SOPs, incident response plans, runbooks/playbooks for repeated actions, and security operations policies
• Excellent verbal and written communication skills, including poise in high pressure situations
• Demonstrated ability to work in a team environment and foster a healthy, productive team culture
  
  

Bonus

• SANS, Offensive Security, or other top-tier industry recognized technical security certifications focused on analysis, detection, and/or incident response
• Automation experience leveraging API integrations and SOAR platforms
• Experience leveraging CSPM solutions to enforce cloud security best practices and enhance detection/analysis fidelity
  
  

Pega Offers You

• A robust global benefits program including a competitive pay + bonus incentive and Employee Equity in the company
• An innovative, inclusive, agile, flexible, and fun work environment full of opportunities to learn and grow
• At Pega, we believe in continuous learning and growth. You will have access to cutting-edge technologies and training resources, allowing you to stay at the forefront of cloud security.
• Pega's culture fosters collaboration, innovation, and work-life balance. You’ll participate in team-building activities and engage in open discussions during daily/weekly team meetings
• You will have the flexibility to work remotely when needed, allowing you to maintain a healthy work-life integration
• Gartner Analyst acclaimed technology leadership across our categories of products
  
  

Job ID: 20350