Incident Response Analyst


Incident Response


Portland, OR

Acquia, is transforming the digital strategies of companies all over the world with our open cloud platform. We are passionate and relentlessly committed to helping our clients create digital experiences that are more relevant, personalized, and built for a fast-changing, always-connected, mobile-first world. Headquartered in the US, we have been named as one of North America’s fastest growing software companies as reported by Deloitte and Inc. Magazine, and have been  rated a leader by the analyst community and named one of the Best Places to Work by the Boston Business Journal. We are Acquia. We are building for the future of the web, and we want you to be a part of it. 

The Acquia Cyber Defense Center is in search of an Information Security Incident Response Analyst to help build Acquia’s Information Security Program. This is an opportunity to join a high performing team, working at the cutting edge of Cloud security. As a key contributor to our future growth, you will have a massive impact on thousands of customers, on a global scale, with leading tools and analytics. In this role, you will participate in incident management, forensic log analysis, malware analysis, security event monitoring, threat intelligence, and related activities.

Do you think like a hacker would, anticipating the moves and tactics that hackers would use to try and gain unauthorized access to Acquia environment? You stay current on the latest developments in security and exploits against cloud-based products. Your newspaper of choice is ‘Hacker News’ and Twitter. 


  • Perform real-time security event monitoring across all levels of the technology stack from AWS, to Linux OS to the Drupal platform. Work closely with stakeholders on triage and resolution of security alerts.
  • Participate in 24x7 monitoring, triage and response responsibilities for global team
  • Perform security log analysis and related digital forensics
  • Participate in security investigations and respond to information security incidents. Create incident documentation and drive the remediation resulting from the incident
  • Establish a trusted work relationship with peers and stakeholders in Engineering, QA, Operations, Pre-Sales, Professional Services, Account Management, Sales and IT by building strong relationships
  • Maintain general knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques
  • Actively monitor OSINT sources for threats against Acquia, its customers and affiliated partners
  • Develop relationships with customer security team to increase collaboration and efficiencies when responding to cyber attacks

Skills and Attributes 

  • Experience with security monitoring, and log analysis tools (triage, incident analysis, remediation)
  • Working knowledge of attack methods and mitigation strategies including DDOS, Man in the Middle, Brute Force, SQL Injections, Cross-Site Scripting, Cross-Site Forgery Request, etc
  • Basic understanding of Cyber threats including how malicious code works, laterally moves and proliferates
  • Deep, working knowledge of web, database, and OS server configuration (Linux, Apache, and MySQL preferred platforms)
  • Holistic understanding of the Internet and hosting from the network layer up through the application layer – cloud environments
  • Securing cloud based platforms such as Amazon AWS
  • Experience with monitoring tools and scripting
  • Respond positively to opportunities to be involved in brainstorming and iterative work. Handle times of change in a way that drives innovation and iteration.
  • Strong communication (oral, written, presentation), interpersonal and consultative skills are essential
  • Demonstrate inquisitiveness with regard to a wide range of issues and open-mindedness regarding divergent worldviews

Experience Requirements

  • BA or BS in Computer related field is preferred
  • Experience in the cloud based service model is preferred
  • 1-2 years of experience in information technology/security
  • Extensive knowledge of OSI stack and web-based infrastructure

Extra Credit: 

  • Cloud hosting experience (e.g., Amazon Web Services, Eucalyptus, OpenStack, CloudStack)
  • Monitoring tools (e.g., Nagios, Cacti, Ganglia, Splunk, Sensu, BMC, OpenView)
  • Drupal security experience
  • Configuration management (e.g., Puppet, Chef, Subversion, Git)
  • SIEM Tools (e.g. SumoLogic)
  • Scripting experience with PHP, Perl, Python, or Ruby
  • Scalable hosting cluster experience (e.g., nginx, Varnish, Network file systems, etc.)
  • Experience within a Security Operations Center (SOC).
  • Government Security Clearance
  • Experience working in a SOC / NOC or security monitoring and analysis related role is a plus

Acquia is an equal opportunity (EEO) employer. We hire without regard to age, color, disability, gender (including gender identity), marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other status protected by applicable law.