As the world’s leading provider of cloud-based software and technology solutions delivered by managed service providers (MSPs), Datto believes there is no limit to what small and medium businesses can achieve with the right technology. Datto offers Unified Continuity, Networking, and Business Management solutions and has created a one-of-a-kind ecosystem of MSP partners. These partners provide Datto solutions to over one million businesses across the globe. Since its founding in 2007, Datto continues to win awards each year for its rapid growth, product excellence, superior technical support, and for fostering an outstanding workplace. With headquarters in Norwalk, Connecticut, Datto has global offices in the United Kingdom, Netherlands, Denmark, Germany, Canada, Australia, China, and Singapore. Learn more at datto.com.

You will report to the Director of Security Operations. 

​​Datto, Inc. is seeking a Senior Security Analyst to conduct real-time analysis using SIEM and proprietary endpoint-based technologies. Your role will be to serve as technical lead in identifying and responding to cyber security incidents, performing digital forensics, conducting threat hunting and generally enhancing the defensive capabilities of the Security Operations Center (SOC). Ultimately, your purpose will be to help ensure Datto and its’ 18,000+ partners are able to respond effectively to whatever cyber threats impact them and our shared customers.

Additional responsibilities and functions:

• Assist Datto partners through the incident handling process across Windows, Mac, and Linux platforms, perform basic malware analysis, and create security incident reports
• Develop and improve processes for incident detection and the execution of countermeasures
• Produce high-quality written and verbal communications, recommendations, and findings to internal and external stakeholders
• Assist detection engineers in tuning detection rules to reduce false positives and noise
• Create automations and workflow improvements for SOC analysts to triage and respond to detected events
• Demonstrate industry thought leadership through blog posts, social media, and/or public speaking events

Required Skills:

• At least three years of experience in Security Operations, Endpoint Detection & Response (EDR) analysis, endpoint monitoring, and/or digital forensics
• Experience conducting or managing technical incident response for organizations
• Strong understanding of targeted attacks and able to create customized containment and remediation plans for compromised organizations
• Strong understanding of secure network architecture and networking principles
• Knowledge of MITRE ATT&CK™ behavioral techniques and how to detect them
• Knowledge of Windows, Linux and MacOS operating system internals
• Knowledge of regex and SQL-type query languages
• Knowledge of Systems Administration in order to implement and execute countermeasures and remediation
• Capable of completing technical tasks without supervision
• Must be willing to rotate between various shift schedules, including the possibility of nights or weekend

Desired Skills:

• Former experience in one or more areas: security operations, cyber threat hunting, Endpoint Detection and Response (EDR), detection signatures and analytics 
• Threat hunting & data analytics via tools like Elastic, Athena, or Redshift and SQL-like query languages
• Experience with scripting and interpreter languages, particularly bash and PowerShell
• Knowledge of offensive tools (e.g. Cobalt Strike, Mimikatz, Metasploit or Powershell Empire)
• One or more applicable certifications: i.e. GCFA, GCFE, GREM, GNFA, or OSCP