Security Analyst II

We are looking for an Autonomous and proficient Security Analyst who is passionate about Cyber Security, Fraud and Abuse. As a Security Analyst at DigitalOcean, you will join a dynamic 24/7/365 team dedicated to identify, investigate, and prevent fraudulent activities against DigitalOCean’s Platform. You will not only do that, 

What You’ll Do:

• Actively monitor SIEM, and internal dashboards for security events, and associated alert channels for incoming signals across cloud, identity, network, and infrastructure environments.
• Leverage industry standard security technologies such as SIEM, EDR and other monitoring tools to detect, investigate and respond to security alerts.
• Identify and close false positives, and recommend adjustments to detection logic or baselines to reduce alert fatigue over time.
• Contribute to schema normalization and log health reviews within the internal data analytics and log storage platform.
• Map detections to the MITRE ATT&CK framework to ensure coverage alignment with known adversary tactics, techniques, and procedures.
• Identify gaps in detection coverage and propose new use cases through an established internal Security Use Case Refinement process.
• Perform initial investigation and basic containment actions in line with documented playbooks.
• Maintain and contribute to standard operating procedures and playbooks for alert triage and response.
• Contribute to key security monitoring metrics including Time-to-Detect (TTD) tracking and related performance indicators.
• Share investigation insights, detection improvements, and tooling feedback during regular engineering sync sessions to drive continuous improvement across the program
• Escalating security incidents to Senior Analyst or DFIR teams as needed for deeper analysis and remediation.
• Establishing an understanding of DigitalOcean’s entire production environment, from applications to infrastructure, keeping up-to-date with material changes and future directions.
• Building strong relationships with the other technical teams across our engineering and infrastructure functions.

Key responsibilities:

• Security Operations Monitoring: Investigate and analyze detections from a diverse set of security tools within a high-availability, 24/7/365 operational environment to ensure proactive threat detection and continuous protection.
• Incident Response: Conduct thorough investigations of detections, evaluate the scope of the attack, identify affected systems, and determine the necessary steps for further analysis.
• Threat Intelligence and Awareness: Stay informed on emerging and existing threats by analyzing attacker tactics, techniques, and procedures, and reviewing security event reports to proactively strengthen defenses.
• Abuse Operations: responding to abuse reports and engaging with our customers to help them solve system compromises as well as secure their exposed services.

What You’ll Add to DigitalOcean:

• Bachelor's Degree or equivalent experience with 3 years of experience in Security operations. 
• Knowledge of Security Information & Event Management (SIEM)
• knowledge of the Security Operation Center (SOC)
• Experience working in continuous integration and continuous deployment environments.
• Good to have experience with SQL, YAML, and JSON.
• Intellectual Curiosity and Self-Motivation to perform complex tasks.
• Clear written and verbal communications skills to include; technical writing, presenting.
• Consistently improving security as the platform scales, driving continuous improvement through data collection and correlation, being mindful that security should be an efficiency enabler for the business - not a detractor.
• Bonus: Ability to code, script, or automate classes of problems rather than handling them manually (eg.Python, Bash, Go, Ruby)

 

This is a hybrid role based out of Bengaluru, India. 

#LI-Hybrid 

Client-provided location(s): Bangalore, India

Job ID: 7917804

Employment Type: OTHER

Posted: 2026-05-18T18:31:17