Meet Our Team
Pega is an Enterprise Transformation Company that helps organizations build for change with enterprise AI decisioning and workflow automation. We offer a commercial SaaS version of our industry‑leading platform to our global clients. Pega was recently recognized as one of the "Top 10 Tech Winners For The AI Revolution" by industry analysts and has joined the S&P MidCap 400. On the frontlines of this success is the Pega Cloud Security Operations Center (CSOC). Our team of information security professionals protects Pega’s commercial cloud assets and offerings. We deter, detect, deny, delay, and defend against internal and external security threats. The CSOC provides monitoring, detection, and incident response services for Pega Cloud.
Picture Yourself at Pega
As a Senior Cloud Security Operations Analyst, you will play a critical role in ensuring the confidentiality, integrity, and availability of Pega’s commercial cloud infrastructure and assets. You will be key in the continuous monitoring and protection of all global cloud security operations at Pega and an active participant in incident response efforts. You’ll help develop processes that drive proactive, automated detection and incident response tactics to support the quick resolution of cloud security events and incidents. You will collaborate with cross‑functional teams—security analysts, threat detection engineers, vulnerability analysts, security engineers, system administrators, and developers—to proactively identify potential security risks and vulnerabilities within our cloud environment. Your efforts will directly impact the security and trust our clients place in us, as we help them transform their business processes and drive meaningful digital experiences.
What You’ll Do at Pega
Daily
* Perform security monitoring of Pega Cloud commercial environments using multiple security tools and dashboards, including our SIEM platform.
* Perform security investigations to identify indicators of compromise (IOCs) and protect Pega Cloud and our clients from unauthorized or malicious activity.
* Actively contribute to incident response activities by identifying, containing, eradicating, recovering, and learning.
* Contribute to standard operating procedures (SOPs) and policy development for CSOC detection and analysis tools and methodologies.
* Assist in the development of playbooks for analysts to investigate both high‑confidence and anomalous activity.
Occasionally
* Perform threat hunts to identify evidence of attacker presence that may not be detected by existing mechanisms.
* Assist the threat detection team in developing high‑confidence Splunk notables focused on use cases for known and emerging threats.
* Assist in the development of dashboards, reports, and other non‑alert‑based content to maintain and improve situational awareness of Pega Cloud’s security posture.
* Assist in enhancing security incident response plans (IRPs), conducting thorough investigations, and recommending remediation measures to prevent future incidents.
Who You Are
You have an insatiable curiosity and an inborn tenacity for finding creative ways to deter, detect, deny, delay, and defend against bad actors. You have spent time in the security trenches and know what an efficient security operations center looks like. You have conducted in‑depth analyses of various security events and contributed to incident response efforts, developing new methods for detecting and mitigating threats. You bring cloud security experience and are ready to dive into cloud‑centric technical analysis and incident response to make Pega Cloud the most secure it can be.
Your Accolades
* SANS, Offensive Security, or other top‑tier industry‑recognized technical security certifications focused on analysis, detection, and/or incident response.
* Industry recognition for identifying security gaps to secure applications or products.
What You’ve Accomplished
* 4+ years of industry‑relevant experience, with a demonstrated working knowledge of cloud architecture, infrastructure, services, threats, and mitigations.
* 3+ years in operational SIEM roles, focusing on analysis, investigations, and incident response, particularly with Splunk Enterprise Security (ES) and Google Chronicle/SecOps.
* 3+ years of operational experience with EDR/XDR platforms and related analysis and response techniques.
* 2+ years of operational cloud security experience—preferably AWS and/or GCP—including knowledge of various cloud logs such as CloudTrail, Cloud Audit, GuardDuty, Security Command Center, VPC Flow, and WAF logs.
* A strong working understanding of UK cybersecurity and data protection laws and regulations (e.g., GDPR, UKCE).
* A solid foundational understanding of computer, OS (Linux/Windows), and network architecture concepts and related exploits/attacks.
* Excellent verbal and written communication skills, including poise in high‑pressure situations.
* A demonstrated ability to work in a team environment and foster a healthy, productive team culture.
It Would Be Nice If You Also Have
* Solid working knowledge of the MITRE ATT&CK framework and the associated TTPs and how to map detections against it, particularly the cloud matrix portion.
* Familiarity with the OWASP Top 10 vulnerabilities and best practices for mitigating these security risks.
* Experience developing SOPs, incident response plans, runbooks/playbooks for repeated actions, and security operations policies.
* Experience with Python, Linux shell/bash, and PowerShell scripting.
Pega Offers You
* A robust global benefits program, including competitive pay, bonus incentive, and employee equity.
* An innovative, inclusive, agile, flexible, and fun work environment with opportunities to learn and grow.
* Access to cutting‑edge technologies and training resources for continuous learning and growth in cloud security.
* A culture that fosters collaboration, innovation, and work‑life balance, with team‑building activities and open discussions in daily/weekly meetings.
* Flexibility to work remotely when needed, supporting healthy work‑life integration.
* Gartner Analyst‑acclaimed technology leadership across our product categories.
Additional Information
Base salary range for this role is GBP annually. The role may also be eligible for an annual bonus or commission, as well as benefits and other incentives. The final compensation will be determined during the offer process based on the candidate’s education, experience, skills, and qualifications, as well as market conditions and may vary from the posted range. We will share information on benefits, bonus/commission, and other pay components for this role at the relevant recruitment stage.
Job ID: 23576