Where Data Does More. Join the Snowflake team.

AS A SOC ANALYST AT SNOWFLAKE, YOU WILL:

• Be part of a global team and learn from the industry’s best-in-class experts.

• Serve as the front-line of our Incident Response Team.

• Determine scope and impact. Without breaching SLAs, from an array of multiple alerting systems monitoring both corporate IT and production environments

• Triage security alerts and take remediation or escalate validated threats.

• Hone your technical and analytical skills while gaining invaluable experience.

• Follow and contribute to incident response playbooks and runbooks.

OUR IDEAL SOC ANALYST WILL HAVE:

• Bachelor's or Master's degree in Information Security or equivalent discipline.

• 2+ years on a Global SOC, Incident Response Team, or in a similar role.

• Ability to work 5:00 AM to 2:00 PM IST on one of two shifts:

  • Shift A: Sunday through Thursday

  • Shift B: Tuesday through Saturday

• Experience analyzing emails and determining if they are Phishing.

  • Email header analysis.

  • URL analysis.

  • Basic Dynamic & Static file analysis.

• Basic knowledge of SQL.

  • Ability to read and write SQL queries and operate across multiple tables.

  • Knowledge to modify existing SQL queries to solve new problems.

• Basic knowledge of Cloud Computing & Infrastructure. Examples include:

  • Knowledge of: Virtual Machines, Web Servers, Load Balancers, Reverse Proxies, Firewalls, etc.

  • Can explain the benefits of serverless computing (e.g., AWS Lambda).

  • Basic experience with one or more of the top three cloud providers (AWS, Azure, GCP).

• Strong understanding of networking basics (TCP/IP, HTTP, DNS, Subnetting, VLAN, NAT) and basic network and system forensic principles.

• Ability to analyze logs (Windows, Linux, cloud services) and identify abnormal patterns.

• Experience with the Linux CLI. Examples include:

  • Ability to navigate the OS & execute basic commands.

  • Interact with files and directories (e.g. create, read, update, delete).

  • Interact and navigate logs files (e.g. cat, less, head, more, tail, grep, awk, sed)

  • Know important files & directories (e.g. /etc/shadow, /var/log/, etc.).

  • Understand user & file permissions.

• Basic understanding of Containerization. Examples include:

  • Experience running a Dockerized application in the cloud or locally.

  • Ability to explain benefits and drawbacks of containerization.

• Proven understanding of fundamentals of object oriented programming.

• Excellent communication skills both verbal and written.

• Self-starter with a mindset of ownership and curiosity.

BONUS POINTS FOR EXPERIENCE WITH THE FOLLOWING:

• Prior experience using Snowflake.

• Python Programming.

• Regular Expressions.

• Knowledge and use of APIs.

• Experience working with a low-code / no-code automation or SOAR platform.

• Prior experience or working understanding/experience with security assessment/design review, and threat modeling

• Knowledge of Industry Standard Security Frameworks/Processes

  • MITRE ATT&CK®

  • NIST/SANS Incident Response

  • Cyber Kill Chain®

• Basic understanding of Infrastructure as Code (IaC).

• Certification in cloud platforms.

• Exposure to JIRA, Servicenow or other case management tools.

• Ability to communicate investigative/triage findings and action items to technical staff.

• Demonstrated experience in security competitions. Eg CTF, TryHackMe, or Hack the Box

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?

For jobs located in the United States, please visit the job posting on the Snowflake Careers Site for salary and benefits information:

careers.snowflake.com