Security Operations Analyst


The Security Operations Center (SOC) Analyst is the first line of defense for the Information Security team at Workiva. This role is responsible for receiving, researching, triaging and documenting all security events and alerts as they are received, as well as utilizing threat intelligence information to hunt for potential security issues across the entire enterprise. Alerts and events will be generated from Workiva’s endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. An analyst will interface with multiple groups and individuals across all organizations and teams throughout Workiva to help defend and maintain a strong security posture. The SOC analyst reports directly to the SOC manager and is a critical member of the team. The analyst will develop an in-depth understanding of new trends and technologies related to information security and compliance, specifically those targeting cloud and software-as-a-service style enterprises, and will contribute towards Workiva’s Information Security strategy and roadmap.


  • Assist in establishing and maintaining a mature and organized Security Operations Center through the evaluation of existing and proposed SOC policies, playbooks, and procedures.
  • Support cross team and department collaboration to monitor and respond to security events or reported issues as they arise.
  • Participate in regular incident responses, threat modeling activities, and retro exercises to hone and iteratively improve our detection, monitoring and reactive capabilities.
  • Stay current with and remain knowledgeable about developing threats through analyzing attacker tactics, techniques and procedures (TTPs) that target large cloud-first infrastructure and end user devices.
  • Define, create and maintain automation and orchestration solutions to automate, enrich and/or respond to ongoing threats and tasks.
  • Mature our incident response playbooks and procedures through triage, escalation, remediation and iterative documentation.
  • Research and explore new threat detection and hunting techniques using event data collected across multiple systems and environments.
  • Adhere to and establish service level agreements (SLAs) and create measurable benchmarks to show progress and improvement to Workiva’s defensive capabilities and coverage.

What You’ll Need

  • High School Diploma or equivalent combination of education and experience in a related field.

  • Strong ethical and discretionary ability to handle sensitive information and data
  • Strong communication & social networking skills (written, verbal, listening) to collaborate with other teams across the organization
  • Excellent critical thinking and problem-solving skills
  • Self-motivated to research with a strong desire to understand how things work.
  • Highly organized and efficient

  • Information security monitoring and response, security operations, or related experience, with working knowledge of/familiarity with the following areas: SIEM product, with Splunk and Splunk Enterprise Security; Cloud environment, with Amazon Web Services (AWS); Linux/Unix operating systems; General security principles, web applications and risk and compliance initiatives
  • Cloud experience preferred

Travel Requirement

  • Minimal, up to 10%

Working Conditions & Physical Requirements

  • Reliable internet access for any period of time working remotely, not in a Workiva office.

How You’ll Be Rewarded

  • Base Pay Range in Colorado: $66,000 – $81,000
  • Discretionary bonus typically paid annually
  • Restricted Stock Units granted at time of hire
  • 401(k) match

The base pay range represents the low and high end of the hiring range for this job. Actual pay will vary and may be above or below the range based on various factors including but not limited to relevant skills, experience, and capabilities.


Posted on

January 12, 2022