Cyber Incident Analyst

Sorry, this job was removed at 2:26 p.m. (EST) on Wednesday, November 1, 2017

Datto protects business data and provides secure connectivity for tens of thousands of the world’s fastest growing companies. Datto’s Total Data Protection solutions deliver uninterrupted access to business data on site, in transit and in the cloud. Thousands of IT service providers globally rely on Datto’s combination of pioneering technology and dedicated services to ensure businesses are always on, no matter what. Datto is headquartered in Norwalk, Connecticut and has offices in Monroe, Rochester, Boston, Portland, Toronto, London, Singapore, Sydney, Frankfurt, and Amsterdam. Learn more at www.datto.com.

Datto is seeking a cyber incident analyst to enhance our existing security event monitoring practices as a key member of the incident management program. The cyber incident analyst will work closely with Engineering teams to advance intrusion monitoring visibility, workflows and program capabilities. The role will report directly to the Chief Information Security Officer. This is a hands-on technical individual contributor role that will work with a variety of tools to protect the Datto Cloud. The position is ideal for any individual with a passion for network and system defense who wants to learn and influence foundational improvements to intrusion monitoring and incident management in a large-scale environment.

Responsibilities: 

  • Lead intrusion monitoring efforts and enhancement projects of varying size and scope.
  • Identify attacks against Datto infrastructure and leverage insights to improve the default security posture of infrastructure through controls improvement with various teams.
  • Establish process and documentation that support achievement of compliance initiatives.
  • Use knowledge of attacker TTPs (tactics, techniques and procedures), open source threat intelligence, system log and control event output to expand the monitoring rule base.
  • Define thresholds for events vs. incidents for the organization, and create incident classification, severity, and prioritization using a data-driven and risk-based approach.
  • Conduct analysis of commercial or open source tools to support the above.
  • Create, maintain and execute incident response playbooks as needed.
  • Create and track investigations to resolution and coordinate escalation as needed.
  • Think out of the box and solve complex security monitoring problems at scale while balancing stability, scalability and performance.

Desired Skills & Experience: 

  • Bachelor's degree in systems engineering, computer science, computer engineering, information technology, management information systems or equivalent work experience.
  • 5+ years’ experience in a security event and intrusion monitoring role.
  • Must have prior experience analyzing output of host-based security controls such as IPTables, mod_security, host-based intrusion detection (HIDS), file integrity monitoring (FIM), etc., and system logs such as authentication and web server logs.
  • Experience with security information and event management (SIEM) and log aggregation solutions like Graylog, ElasticSearch and Kibana (ELK), OSSIM, IBM QRadar, Splunk, etc.
  • Experience with scripting and system automation (Bash, Python, Perl, Awk, etc). Experience leveraging OSINT threat intelligence to support monitoring workloads.
  • Foundational understanding of networking is required.
  • Familiar with SANS 20 Critical Controls, OWASP Top 10, Cyber Kill Chain and other frameworks.
  • Relevant security certification such as GCIA, GCIH, SSCP and CISSP preferred.


Here at Datto our people are our greatest asset, which is why we offer a comprehensive and unique benefits package. Above and beyond the typical medical, dental and vision, we also offer a generous 401k plan with a significant employer match, unlimited paid time off, educational reimbursement, fitness reimbursement, and travel subsidies for commuters. We have a patent rewards program and various other fun perks and fringe benefits, including free lunch every Friday in all of our offices globally. 


Location

50 Milk St, Boston, MA 02109
