Security Analyst II @Bloomreach
All others
Salary unspecified
Remote Location
Job Type full-time
Posted 1wk ago

[Hiring] Security Analyst II @Bloomreach

1wk ago - Bloomreach is hiring a remote Security Analyst II. 💸 Salary: unspecified 📍 Location: India

Role Description

We are looking for a Security Analyst to join the Bloomreach GIST (Global Information Security & Technology) team to help protect our environment from threats, vulnerabilities, and sophisticated attackers. Your work will have a significant impact on numerous customers across various e-commerce verticals and hundreds of millions of online users. As a core member of our globally distributed 24/7 Security Operations Team, you are expected to work from one of our India offices (Bengaluru) or from home. This role is ideal for someone who has built a solid foundation in security operations and is ready to take the next step — owning more complex work, developing specialized skills, and contributing more meaningfully to the team's detection and response mission.

Your job will be (but not limited to):

  • Monitor, analyze & interpret security/system/application/infrastructure logs for events, configuration irregularities & potential incidents.
  • Leverage security tools, custom built dashboards and/or proactive identification approaches to detect anomalous activities.
  • Monitor Cloud infrastructure for security-related events.
  • Monitor threat/vulnerability landscape and security advisories, coordinate and escalate as appropriate.
  • Collaborate with Product Security, Infrastructure Security, and GRC teams on cross-functional investigations and audit-related tasks as needed.
  • Work with application security teams, product specialists, GRC, and legal teams on active incidents and/or investigations.
  • Participate in a major incident call, document incident report summaries.
  • Document, follow and execute standard operating procedures (SOPs).
  • Document, manage, maintain & follow use cases, playbooks and/or knowledge base articles.
  • Work on incidents, requests related to security.
  • Develop and maintain security detection use cases and alerts within SIEM platforms.
  • Design and implement automation workflows using SOAR or similar security orchestration tools.
  • Working knowledge of AI/LLM tools (e.g., Gemini, ChatGPT, Claude) and their application in security operations.
  • Understanding of authentication mechanisms, including private/public key concepts, familiarity with command-line interfaces (CLI), IDE-based tools, and agent-based workflows.
  • Awareness of API usage, token management, and secure handling of credentials.
  • Own responsibilities within a shift with a positive mindset towards growth & upskilling.
  • Engage & escalate issues as necessary.

Qualifications

  • 3+ years of hands-on experience as part of a 24/7 Security Operations team or Cyber Fusion Center team supporting any one of the following as minimum: SaaS platform Security, Cloud Security, API/Container Security, Threat Intel/Hunting, Vulnerability Management.
  • Hands-on experience and deep knowledge on usage of SIEM (Splunk preferred), SOAR, EDR (modules like TI, VM, DLP).
  • Hands-on experience in using any of CSPM tools (SentinelOne, Falcon Horizon, Wiz, Sysdig, Prisma cloud, MS Defender).
  • Hands-on experience assessing, interpreting & managing vulnerabilities using relevant tools (CS Spotlight, QualysGuard, Rapid 7).
  • Hands-on experience of either AWS or GCP is a must.
  • Should possess a positive attitude to participate, own & drive tasks for POCs for various tools.
  • Understanding of risk frameworks.
  • Ability to assess emerging trends & threats in the cyber security space.
  • Good analytical, problem-solving, and interpersonal skills.
  • Knowledge of NIST framework, OSINT standards, MITRE ATT&CK framework & cybersecurity incident lifecycle.
  • Knowledge of network protocols, operating systems (Linux, macOS, Windows), and security fundamentals.
  • Mandatory to work in a 24/7 rotation shift & weekends.
  • Excellent command of English communication as a good listener, speaker & reader.
  • Basic scripting skills (Python, Bash, or PowerShell) for automating repetitive tasks.
  • Strong analytical thinking and attention to detail.
  • Good written and verbal communication skills.
  • Curious and eager to learn.
  • Team-oriented with a collaborative approach.
  • Proactive mindset — takes initiative to improve personal skills and contribute to the team's knowledge and processes.
  • Entry-level or intermediate security certifications (e.g., CompTIA Security+, CySA+, GSEC, or equivalent).
  • Previous experience in a SaaS, e-commerce, or technology company.

Requirements

  • In the first 30 days you will:
    • Understand the roles & responsibilities of SOC team, in-scope vs out of scope tasks.
    • Read & understand SOPs, Policies & working procedures of the team.
    • Shadow peers in day-to-day work, look over tickets, alerts, incidents, understand the current state of ongoing projects/enhancements etc.
    • Understand the team's incident response procedures, escalation paths, and shift structure.
    • Begin handling lower-severity alerts and incidents under guidance from senior analysts.
  • In the next 30 days you will (60 days from start):
    • Start owning incidents, tasks as independent contributor with a peer shadowing you.
    • Participate in incident related calls, cross team/department meetings.
    • Handle SIEM/SOAR/EDR events.
    • Demonstrate consistent adherence to SOPs and ticket hygiene standards.
    • Contribute at least one update or improvement to a runbook, playbook, or knowledge base article based on hands-on experience.
  • In the next 30 days you will (90 days from start):
    • Start documenting or tweaking existing SOPs, process documents.
    • Bear responsibilities of representing team in forums/meetings/discussions.
    • Start managing shift alone when needed.
    • Adapt yourself to the service improvement mindset and contribute.
    • Show measurable growth in investigation quality, speed, and documentation.
    • Begin developing a specialization area (e.g., cloud security monitoring, detection engineering, threat intelligence) aligned with team needs and personal development goals.

Benefits

  • A great deal of freedom and trust.
  • Defined values and key behaviors embedded in processes like recruitment, onboarding, feedback, personal development, performance review, and internal communication.
  • Flexible working hours to accommodate your working style.
  • Virtual-first work environment with several Bloomreach Hubs available across three continents.
  • Company events to experience the global spirit of the company.
  • Support for volunteering activities — every Bloomreacher can take 5 paid days off to volunteer.
  • Employee Assistance Program with counselors for non-work-related challenges.
  • Subscription to Calm - sleep and meditation app.
  • ‘DisConnect’ days for unwinding together and focusing on activities away from the screen.
  • Extended parental leave up to 26 calendar weeks for Primary Caregivers.
  • Restricted Stock Units or Stock Options based on role, seniority, and location.
  • Participation in the company's success through performance bonuses.
  • Employee referral bonus of up to $3,000 paid out immediately after the new hire starts.
  • Celebration of work anniversaries — Bloomversaries!