Senior Security Analyst I

We are looking for a highly experienced and motivated Senior Security Analyst who is passionate about advanced security monitoring, detection engineering, and threat hunting. As a Senior Security Analyst at DigitalOcean, you will lead and own critical aspects of our security monitoring program, shaping how we detect, respond to, and prevent threats. You will leverage deep expertise to engineer sophisticated detection capabilities, develop comprehensive metrics to measure program effectiveness, and drive continuous improvement across alerting and response functions. You will be a trusted member of Infrastructure Security and will collaborate closely with other cross-functional teams to close detection gaps and elevate the organization’s overall security posture.

What You’ll Be Doing:

• Lead real-time monitoring, triage, and analysis of complex security events, providing verifiable assessments of threats and incident severity.
• Engineer and automate advanced detection use cases across DigitalOcean's cloud and corporate environments, leveraging deep knowledge of adversary TTPs to design and implement scalable alerting solutions.
• Develop, track, and report on key metrics for security monitoring effectiveness and incident response performance, using data to drive improvements.
• Own and evolve the security monitoring program strategy, ensuring alignment with evolving threat landscapes and business priorities.
• Work closely with Infrastructure Security Engineers to identify log sources, integrate, and maintain data pipelines (e.g., log sources, forwarders, parsing, enrichment).
• Perform proactive threat hunting and hypothesis-driven investigations and investigate anomalous activity to uncover hidden or emerging threats within DigitalOcean’s environments.
• Mentor and guide lower level analysts, reviewing escalated incidents and providing technical leadership during incident response.
• Coordinate threat analysis using historical data and architecture diagrams to identify attack vectors.
• Collaborate with multiple teams to close monitoring gaps and improve overall security.
• Optimize security tools and processes to reduce false positives, improve detection fidelity, and automate response workflows where appropriate.
• Lead the creation and maintenance of detailed playbooks, runbooks, and documentation to standardize detection and response efforts.

What We’ll Expect From You:

• 5+ years of hands-on experience with SIEM platforms and endpoint detection tools, with proven impact on security monitoring programs.
• Demonstrated expertise in designing and tuning complex detection rules and alerting logic across diverse environments.
• Deep understanding of network and endpoint security, attack methodologies, threat actor tactics, and mitigation strategies.
• Experience in proactive threat hunting, vulnerability management, and coordinating with red teams or penetration testers.
• Proven leadership in driving security program initiatives, setting metrics, and influencing cross-team security strategy.
• Excellent communication skills for technical documentation, incident reporting, and mentoring less experienced analysts.
• Proven experience with scripting and query languages (Python, Bash, SQL) to automate detection and response workflows.
• Demonstrated proficiency in Linux, Windows, and macOS.
• Comfortable working in a fast-paced environment with a collaborative and growth-focused mindset.

Compensation Range:

• $140,800 - $176,000

*This is a remote role

JR: 2026-8010

#LI-Remote