Security Operations Analyst III
As a Security Operations Analyst III at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our 300+ million users who entrust Vimeo with their content every day.
You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.
You love to solve puzzles, and are a great team player.
This role is on-call once a month.
What you'll do:
Depending on your preferences and the current needs of the team, you may either focus on just some of the following areas, or you may choose to become involved with all of them.
You will act as the primary analyst for security incidents detected by EDR and other security monitoring solutions.
Analyze and triage security alerts, prioritizing based on severity, potential impact, and threat intelligence
Conduct security assessments of our systems and infrastructure to identify vulnerabilities and risks, identify risk owners, and implement mitigating controls.
Implement and operate cloud security hardening and cloud security posture management across Google Cloud and AWS.
Collaborate with SRE, AppSec and Information technology around vulnerability management, detection, and response.
Automate security processes using scripting and other automation tools.
Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
Help strengthen our own internal processes and procedures
Skills and knowledge you should possess:
3+ years of experience in security operations, incident response, or vulnerability management
2+ years of hands-on experience with EDR platforms (CrowdStrike)
Strong understanding of security frameworks such as NIST, MITRE ATT&CK, and incident response methodologies
Familiarity with SIEM platforms and log analysis techniques
Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
Good communication and interpersonal skills.
Bonus points (nice skills to have, but not needed):
Knowledge of cloud security principles and tools (AWS, GCP security services)
Experience with container security and orchestration platforms
Experience with vulnerability management tools (Wiz, Qualys, Rapid7, etc.) and vulnerability assessment methodologies
Knowledge of common attack vectors, malware analysis, and digital forensics principles
Experience with scripting languages (Python, PowerShell, Bash) for automation tasks
Relevant certifications such as CISSP, CCSP, or AWS Certified Security Specialty are a plus.
Experience with automation tools such as Terraform, Ansible, or Chef.
Understanding of compliance frameworks (SOC 2, HIPAA, FedRAMP)
Base Salary Range:
NYC Metro, Bay Area, Seattle, & Los Angeles: $101,000 to $139,250
All other US cities outside above metro areas: $90,900 to $125,325
At Vimeo, we strive to hire and nurture amazing talent across the globe. Actual salaries will vary depending on factors including but not limited to experience, specialized skills, internal alignment, and location. Base salary is just one component of Vimeo's total rewards philosophy.
We offer a wide range of benefits, perks, variable compensation and where eligible long-term incentive programs.
We also offer paid time off, generous 401k match, commuter benefits, Health Savings Account (HSA), Flexible Spending Account (FSA), fertility reimbursement, group term life insurances, wellbeing resources, and more.
#LI-MM1
About the job
Apply for this position
Security Operations Analyst III
As a Security Operations Analyst III at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our 300+ million users who entrust Vimeo with their content every day.
You’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.
You love to solve puzzles, and are a great team player.
This role is on-call once a month.
What you'll do:
Depending on your preferences and the current needs of the team, you may either focus on just some of the following areas, or you may choose to become involved with all of them.
You will act as the primary analyst for security incidents detected by EDR and other security monitoring solutions.
Analyze and triage security alerts, prioritizing based on severity, potential impact, and threat intelligence
Conduct security assessments of our systems and infrastructure to identify vulnerabilities and risks, identify risk owners, and implement mitigating controls.
Implement and operate cloud security hardening and cloud security posture management across Google Cloud and AWS.
Collaborate with SRE, AppSec and Information technology around vulnerability management, detection, and response.
Automate security processes using scripting and other automation tools.
Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards
Help strengthen our own internal processes and procedures
Skills and knowledge you should possess:
3+ years of experience in security operations, incident response, or vulnerability management
2+ years of hands-on experience with EDR platforms (CrowdStrike)
Strong understanding of security frameworks such as NIST, MITRE ATT&CK, and incident response methodologies
Familiarity with SIEM platforms and log analysis techniques
Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
Good communication and interpersonal skills.
Bonus points (nice skills to have, but not needed):
Knowledge of cloud security principles and tools (AWS, GCP security services)
Experience with container security and orchestration platforms
Experience with vulnerability management tools (Wiz, Qualys, Rapid7, etc.) and vulnerability assessment methodologies
Knowledge of common attack vectors, malware analysis, and digital forensics principles
Experience with scripting languages (Python, PowerShell, Bash) for automation tasks
Relevant certifications such as CISSP, CCSP, or AWS Certified Security Specialty are a plus.
Experience with automation tools such as Terraform, Ansible, or Chef.
Understanding of compliance frameworks (SOC 2, HIPAA, FedRAMP)
Base Salary Range:
NYC Metro, Bay Area, Seattle, & Los Angeles: $101,000 to $139,250
All other US cities outside above metro areas: $90,900 to $125,325
At Vimeo, we strive to hire and nurture amazing talent across the globe. Actual salaries will vary depending on factors including but not limited to experience, specialized skills, internal alignment, and location. Base salary is just one component of Vimeo's total rewards philosophy.
We offer a wide range of benefits, perks, variable compensation and where eligible long-term incentive programs.
We also offer paid time off, generous 401k match, commuter benefits, Health Savings Account (HSA), Flexible Spending Account (FSA), fertility reimbursement, group term life insurances, wellbeing resources, and more.
#LI-MM1