Senior Analyst CSIRT

Details

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems.

Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.

Security Operations Team

Security is a primary competency at Coinbase, and the Security Operations team keeps a watchful eye over every aspect of it. Every day, we go to battle against some of the most sophisticated attackers in the world to protect billions of dollars worth of digital assets and ensure that our customers and employees can enjoy a safe, trusted experience. As Coinbase scales globally, our team is scaling along with it, using a blend of tooling, automation, and strategic team growth to ensure that we’re well-equipped to protect the next billion users of crypto.

Responsibilities

• Serve as the first line of response when a security alert needs to be triaged, and lead the incident response/management as needed
• Refine detection rules to improve the signal/noise ratio
• Write runbooks for recurring incidents and automate them when repeated
• Partner with Trust & Safety and Threat Intelligence on attacker investigations to build TTP profiles
• Assist with Coinbase emerging Web3 launches around Incident Response and Threat Detection
• Participate in a light on-call rotation with global counterparts
• Mentor peers and share knowledge to lead a culture of excellence
• Collaborate with cross functional teams like engineering, product development, and compliance to ensure timely Incident Response

Requirements

• Practical security experience (incident response, malware analysis, investigating account compromises) for 7+ years
• Skilled at identifying threats and measuring coverage/visibility across diverse log sources including Multicloud, SaaS, Container environments, MnAs log sources
• Strong focus on automation to reduce manual work
• Experience using and building Jupyter Notebooks for investigations and automation
• Proficient in understanding and analyzing network and host level artifacts
• Excellent written and verbal communication skills
• High empathy and trusted by coworkers to solve security problems without judgment
• Performs well under pressure in high intensity environments

Nice To Haves

• Diverse perspectives or unconventional background
• Familiarity with blockchain and cryptocurrency
• Comfortable scripting and writing alert rules in Python and running SQL/Snowflake queries
• Good understanding of Cloud and SaaS technologies
• Skilled at analyzing data at scale and detecting adversary behavior
• Experience with OSINT and threat hunting
• Experience with incident response in cloud environments
• Familiarity with ATT&CK framework
• Experience analyzing attacker methodologies and building detections to enhance security posture

Benefits

• Medical insurance including Dental & Vision for employees and dependents
• Group Personal Accidental Insurance
• Group Term Life Insurance
• Employee Stock Purchase Plan (ESPP)
• Wellness Stipend
• Mobile/Internet Reimbursement
• Connections Stipend
• Learning and Development Allowance
• Employee Assistance Program
• Travel Medical Policy – Global Traveler
• Fertility Benefits
• Generous Time Off/Leave Policy