XOPS is a fast-growing startup building the future of observability and automation for IT operations. Our platform unifies complex system data to deliver visibility, control, and intelligent workflows across the enterprise, empowering IT teams to manage the entire employee technology lifecycle with precision. As industries embrace AI to automate cars, rockets, and even farming, IT operations remain reliant on spreadsheets and manual processes. We believe it is time for a change.

At XOPS, we are pioneering autonomous IT operations, freeing teams from tedious tasks and elevating them into strategic leadership roles. Our mission is to drive operational excellence, financial stewardship, and security across the enterprise, while transforming the employee experience. We are just getting started, and we are looking for exceptional teammates to help shape the future.

XperiencOps, Inc. is seeking an IT Security and Compliance Analyst to uphold our ISO 27001:2022/ISO 27018/SOC2 Type2 certifications and manage various aspects of our security and compliance framework. This role requires expertise in policy maintenance, security incident documentation, and vendor security assessments, preferably with experience using Vanta for compliance management.

Key Responsibilities

1. Security Architecture & Tooling
2. Design, deploy, and maintain SOC-related technologies, focusing on SIEM and IDS
3. Develop and refine security use cases, detection rules, correlation queries, and dashboards in SIEM tools to enhance threat detection and response
4. Optimize IDS solutions for cloud-native environments, ensuring actionable alerts for the SOC
5. SOC Operations & Threat Monitoring
6. Enhance threat detection and incident response strategies using SIEM analytics and IDS findings
7. Monitor logs, alerts, network traffic, and telemetry for Indicators of Compromise (IOCs) to identify threats across endpoints and cloud environments
8. Implement tuning strategies to reduce false positives and improve alert fidelity
9. Incident Response & Forensics
10. Lead investigations of security incidents from detection to resolution using SIEM and IDS insights
11. Perform root-cause analysis, gather forensic artifacts, and implement preventive measures
12. Document incident procedures, lessons learned, and recommendations for SOC maturity
13. Vulnerability Management
14. Assist in identifying, analyzing, and remediating vulnerabilities, collaborating with scanning and patch management tools

Requirements

1. Bachelor's degree in IT, Cybersecurity, or related field; certifications like ISO 27001/27018, CRISC, or CISM are advantageous
2. Proven experience in IT security and compliance, with knowledge of ISO standards and incident management
3. Familiarity with compliance tools, preferably Vanta, and vendor security assessments
4. Detail-oriented with strong analytical skills and ability to manage multiple priorities
5. Excellent written and verbal communication skills for conveying complex security information

Location

• This is a full-time, hybrid role based in Pleasanton, CA. The candidate must report to the office 3 days a week.

Estimated base salary range: $135,000 - $165,000 USD, depending on experience and qualifications. Salary is subject to market and individual assessment during the interview process.

Benefits

• Competitive salary, equity, and 401K
• Comprehensive health, dental, and vision plans
• Discretionary time off policy
• 11 paid holidays
• Hybrid work policy: 3 days in-office, 2 days remote
• Opportunity to be part of a growing startup making a significant impact

#J-18808-Ljbffr