SecOps Analyst

Details of the offer

Senior Security Analysts at Level 2 and Level 3 play a pivotal role in Vista's Security Operations Centre (SOC), with a focus on proactive threat hunting, detailed forensic investigations, and end-to-end incident response management. The role requires advanced skills in threat detection and mitigation, complemented by expertise in threat intelligence integration, incident lifecycle management, and collaboration across teams. Proficiency in using Machine Learning (ML), Generative AI (GenAI), and Agentic AI systems for threat detection, automation, and adaptive response is highly valued.

About the role

Core Security Operations
- Monitor security events in real time using SIEM platforms, IDS/IPS, and EDR tools to detect and respond to anomalous activity.
- Conduct proactive threat hunting to identify indicators of compromise (IOCs), advanced persistent threats (APTs), and potential vulnerabilities in the organisation's environment.
- Perform forensic analysis of compromised systems, networks, and applications to determine the root cause, scope, and impact of incidents.
- Manage the complete incident response lifecycle: triage and classify incidents, and execute containment strategies.
- Lead major incident response efforts, including eradication, recovery, and post-incident reviews, ensuring root causes are addressed.

Proactive Threat Hunting and Forensics
- Perform deep-dive investigations to uncover undetected threats using advanced search capabilities and forensic tools.
- Analyse malware samples, logs, and network traffic to identify attackers' tactics, techniques, and procedures (TTPs).
- Continuously enhance detection and response capabilities by developing new threat detection rules, scripts, and automation workflows.
- Lead forensic investigations, using tools such as EnCase, FTK, or Autopsy to collect, analyse, and preserve digital evidence for internal or legal purposes.

Incident Response Management
- Establish and refine incident response playbooks to streamline workflows and improve incident-handling effectiveness.
- Collaborate with stakeholders across DevOps, ICT Operations, and Risk teams during live incidents to minimise impact and ensure swift resolution.
- Conduct post-incident reviews to identify lessons learned, root causes, and opportunities for improvement.
- Develop and implement automated incident response processes using SOAR platforms and AI-driven tools.

Threat Intelligence and Continuous Improvement
- Integrate threat intelligence feeds into SOC workflows to enhance visibility and detection capabilities.
- Conduct regular simulations of attack scenarios using red-team, blue-team, and purple-team exercises.
- Use insights from threat hunting and incidents to continuously improve security controls, detection rules, and playbooks.

Optional: Knowledge of AI and Emerging Technologies
- Implement ML models to enhance anomaly detection, behavioural profiling, and predictive risk analysis.
- Use Generative AI (GenAI) to automate the creation of incident response playbooks, phishing simulations, and threat reports.
- Deploy Agentic AI systems for autonomous threat detection, adaptive response execution, and dynamic risk prioritisation.

Additional Responsibilities
- Ensure compliance with regulatory and organisational standards (e.g., GDPR, ISO 27001, SOC 2, NIST CSF).
- Contribute to the creation of SOC metrics, dashboards, and monthly reports, providing insights into the security posture and operational maturity.
- Maintain and document forensic evidence, incident logs, and detection methodologies in a secure and consistent manner.
- Participate in regular security audits and assist in penetration testing efforts where necessary.

Qualifications and experience
- A degree in Cybersecurity, Computer Science, or a related technical field, or equivalent work experience.
- Level 2: minimum 1–3 years' experience in SOC operations, incident response, and threat detection.
- Level 3: minimum 3–5 years' experience, with proven expertise in advanced threat hunting, forensics, and managing critical incidents.
- Familiarity with compliance frameworks such as ISO 27001, SOC 2, PCI DSS, or NIST CSF.
- Knowledge of DevOps practices, source repositories, deployment pipelines, and approval processes for infrastructure as code (IaC).
- Understanding of distributed architectures, service meshes, and Kubernetes (including AKS).
- Experience in scripting or automation (e.g., Python, PowerShell) to improve detection and response capabilities.

Optional but appreciated knowledge
- Strong knowledge of Machine Learning (ML) for cybersecurity use cases, such as anomaly detection and user behavioural analytics (UBA).
- Familiarity with Generative AI (GenAI) tools for phishing simulations, report generation, and SOC task automation.
- Experience with Agentic AI systems for autonomous incident response workflows and adaptive defence.
- Hands-on experience with AI-powered SOC tools such as Darktrace, Vectra AI, or SentinelOne.

Certifications (preferred but not mandatory)
- Level 2: CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA).
- Level 3: Certified Information Systems Security Professional (CISSP), GIAC Certified Forensic Analyst (GCFA), or Certified Cyber Threat Hunter (CCTH).

We are currently only considering applicants with an existing right to work in NZ, without the need for employer sponsorship, for this position.

About Vista

Vista is a world-leading company that makes software for the cinema industry. Started in Auckland, New Zealand, over 25 years ago, we now serve cinemas, film distributors, and moviegoers worldwide.

Our HQ is in the City Works Depot in Auckland. We have offices and subsidiary companies in Sydney, Los Angeles, London, Amsterdam, Cape Town, Shanghai, Mexico City, and Kuala Lumpur. We use the latest technologies and offer a fun, agile and collaborative environment. We continue to innovate and build our reputation as one of the best Kiwi tech companies to work for.

Shared Standards

Our Shared Standards act as a compass for how we work together and reflect the behaviours we value at Vista Group. The way in which each member of our crew embodies these Shared Standards is an indicator of performance and success, as it aligns with our vision and strategy.

One Crew: We're a diverse team, in different places and functions, and we're at our best when we connect, help and collaborate.

Shine a Light: We communicate openly, we explain the why, and we ask when we don't understand. We don't leave people in the dark.

Make it Happen: We make good things happen as people and as teams through our focus on delivery.

Chase Great: We challenge ourselves and each other to keep improving.

You will be supported to continually learn and improve your tech skills, share knowledge and ideas in the team, and be part of a dynamic and open culture.

We have a range of benefits that include:
- Excellent work/life balance, including a 4½-day working week.
- Hybrid working (a home and office based split, requiring regular weekly attendance in the Auckland office).
- Medical and life insurance.
- Extended sick leave, paid parental leave and wellness benefits.
- Strong mentoring and career development focus.
- Fun team events, including the Vista Innovation Cup and our Christmas party.

If you enjoy a challenge and working in a dynamic and collaborative team, you'll love working at Vista.

We value inclusivity, celebrate diversity, and are committed to offering equal opportunity to our staff and candidates, regardless of gender, age, race, ethnicity, marital status, disability, sex, sexual orientation, religious or ethical beliefs, or political opinion. This commitment is reflected in all our employment policies and procedures.


Nominal Salary: To be agreed

Source: Whatjobs_Ppc
