Information Security Risk Analyst
Indexed description
Job Responsibilities
- Develop, test, tune, and maintain SIEM detection rules, log correlation searches, alerts, dashboards, and analytics.
- Translate threat intelligence, adversary tactics, and emerging attack trends into actionable detections.
- Build and improve analytics to identify malicious behavior, compromised accounts, lateral movement, and anomalous activity.
- Use AI-driven analytics, UEBA, and behavioral baselining to identify activity that deviates from normal user, endpoint, network, cloud, and application behavior.
- Map detection content to MITRE ATT&CK tactics and techniques to identify coverage strengths and gaps.
- Partner with SOC analysts to improve alert triage, investigation playbooks, enrichment, and escalation criteria.
- Support Incident Response during active investigations by analyzing logs, identifying patterns, and developing new detections from lessons learned.
- Identify gaps in logging, telemetry, and visibility and recommend improvements to security monitoring coverage.
- Document detection logic, assumptions, data sources, expected behavior, response guidance, and tuning decisions.
- Track detection effectiveness, alert fidelity, false positive rates, detection coverage, and time-to-detect improvements.
Strong candidates will have experience in one or more of the following areas:
- Security Operations Center analysis
- Threat hunting
- SIEM rule development
- Threat intelligence analysis
- Incident response
- Detection tuning
- Behavioral analytics or UEBA
- Cloud, endpoint, identity, or network security monitoring
- Experience with SIEM platforms such as Microsoft Sentinel, Splunk, Exabeam, Securonix, or similar tools.
- Experience writing detection queries using KQL, SPL, SQL, or similar query languages.
- Familiarity with Microsoft Defender XDR, Defender for Endpoint, Defender for Identity, Microsoft Sentinel, Entra ID, or similar security platforms.
- Understanding of MITRE ATT&CK and common adversary tactics, techniques, and procedures.
- Experience using threat intelligence to create detections and threat hunting hypotheses.
- Experience with AI-assisted analytics, UEBA, anomaly detection, or behavioral baselining.
- Familiarity with cloud security monitoring across Azure, AWS, or Google Cloud.
- Ability to analyze logs from identity systems, endpoints, firewalls, proxies, email gateways, SaaS applications, and cloud platforms.
- Experience documenting detection logic, investigation steps, and response guidance.
- Scripting or automation experience with Python, PowerShell, Logic Apps, or similar tools.
- Familiarity with MISP, STIX/TAXII, threat intelligence feeds, or indicator management.
- Certifications such as GCIH, GCIA, GCDA, GMON, GCTI, GCFA, Security+, CySA+, CISSP, or equivalent experience.
Lam Research ("Lam" or the "Company") is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.
Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely and fall into two categories – On-site Flex and Virtual Flex. ‘On-site Flex’ you’ll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. ‘Virtual Flex’ you’ll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time.
Our Perks And Benefits
At Lam, our people make amazing things possible. That’s why we invest in you throughout the phases of your life with a comprehensive set of outstanding benefits.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search