Lead SOC Analyst
We’re one of the fastest growing homeownership companies in America. Why? Because we’re making homeownership simpler, faster — and most importantly, more accessible for all Americans.
By combining smarter technology with a desire to not just change one piece of the journey but the entire makeup of what it’s like to buy and own a home in this country, we’re building things that don’t exist yet.
Better.com by the numbers:
- We fund $600 million in home loans per month
- Nearly $5 billion in loans funded since our inception in 2016
- 2 years running, we’re one of Crain’s “Best Places to Work”
- We’re #11 on Fortune’s Best Places to Work in NYC
- And #964 on Inc.’s 2019 “5000 Fastest-Growing Companies”
- We’ve secured over $254 million from our investors to date
- ...and counting
We continue to outpace the industry at every turn. Our backers have helped build some of the most transformative tech and finance companies in history. Kleiner Perkins, Goldman Sachs, IA Ventures, Ally Bank, American Express, Citigroup, Activant Capital, and others have all invested in our vision of redefining the entire homebuying journey.
A Better opportunity:
Better.com is looking for a Lead Security Operations Center Analyst to lead the protection of our systems and data. The Lead SOC Analyst will be responsible for helping build out a fully functional SOC and implementing policies and procedures to ensure the security and integrity of our systems and data, providing operational oversight and complete life cycle management of cyber threats.
- Maintain a relationship with an external 24/7 SOC (MSSP)
- Build, manage, and lead an in-house SOC team
- Respond to, investigate, contain and remediate security events utilizing a variety of security tools including EDR, IDS/IDP, Firewalls and SIEM software
- Lead and participate in technical after action reports and briefings on security events and potential threats with all relevant internal parties.
- Collaborate with networking, application engineering and security engineering teams to investigate incidents and provide proactive recommendations on preventing future incidents.
- Help craft and implement a vulnerability management program that includes proactive remediation, monthly testing and reporting
- Participate in and support third-party security audits, penetration tests and other security assessments
- Recommend and apply best practices for addressing ongoing threats
- Partner with security engineers to configure and manage security tools to ensure low levels of false positives and rapid response times
- Participate in and lead our CSIRT team
- 6 or more years of experience in cyber security, specifically in network and web application security
- 2 or more years of experience in a senior SOC Analyst role or Lead position
- Thorough understanding of security assessment methodologies such as OWASP and CVE
- Thorough understanding of network protocols and routing
- Understanding of packet analysis and forensic tooling
- Experience working with third-party MSSPs a plus
- Knowledge of firewall policies, IDS/IDPs, EDRs and other security tools
- Experience with security tooling and monitoring within the AWS landscape
- Python and Bash desired but not required
- Experience specifically with Palo Alto, CrowdStrike, Darktrace and Insight software (Rapid7) desired but not required (Fundamentals and experience trump tool-specific knowledge)
- Ability to be a part of an on-call rotation
- Security Certifications a plus but not required
- Familiarity with regulations, guidelines and certifications (e.g., FFIEC, NY DFS, PCI, and SOC2) a plus but not required
Things we value:
- Curiosity. Why? How? Repeat.
- Nerdiness. Financial news and trends are fascinating. Seriously.
- Relentlessness. No one here gives up. We try. We fail. We try again.
- Passion. If you don’t get excited about homeownership, mortgages, and real estate, it simply won’t work.
- Smarts: book and street. We have to use all the tools at our disposal to build Better.
- Empathy and Compassion. You understand that people's biggest dreams are in your hands.
- Communication. Can you ask for help or put your hand up when you don’t understand?
- Building. Doing. Making. Yes, we have to do a lot of thinking and talking to figure this stuff out, but you can’t wait to leave the conversation and build it.