Security Engineering Analyst

At Weights & Biases, our mission is to build the best tools for AI developers. We founded our company on the insight that while there were excellent tools for developers to build better code, there were no similarly great tools to help ML practitioners build better models. Starting with our first experiment tracking product, we have since expanded our solution into a comprehensive AI developer platform for organizations focused on building their own deep learning models and generative AI applications.

Weights & Biases is a Series C company with $250M in funding and over 200 employees. We proudly serve over 1,000 customers and more than 30 foundation model builders including customers such as OpenAI, NVIDIA, Microsoft, and Toyota.

We are seeking a dedicated and skilled Security Analyst to help safeguard our data, applications, and infrastructure from security threats. As a Security Analyst at W&B, you will be responsible for detecting vulnerabilities, responding to security incidents, and maintaining a strong security posture across our systems.The ideal candidate will have hands-on experience in security operations, incident response, and vulnerability management. We are particularly looking for individuals with a solid technical foundation, proactive problem-solving skills, and a commitment to continuously improving our security landscape.

What you’ll achieve (Responsibilities)

• Monitor and Respond to Security Incidents:Continuously monitor alerts, logs, and network activity using security tools. Analyze security incidents, investigate breaches, and perform root cause analysis to mitigate risks.
• Vulnerability Assessment and Remediation:Regularly perform vulnerability assessments using tools like Nessus, Burp Suite, or custom scripts. Prioritize and remediate vulnerabilities in collaboration with the DevOps and infrastructure teams.
• Threat Hunting and Incident Response:Proactively identify potential security risks and anomalies through threat hunting. Lead or assist in security incident investigations, including forensic analysis and reporting.
• Manage Security Tools and Infrastructure:Deploy, configure, and optimize security tools (firewalls, SIEM, EDR). Ensure tools are effectively tuned to detect and prevent threats without overwhelming false positives.
• Collaborate with Development and Infrastructure Teams:Work closely with our development teams to implement secure coding practices, ensuring that applications and services are secure from the ground up (DevSecOps).
• Security Auditing and Compliance:Support security audits and ensure compliance with relevant standards and frameworks. Document security incidents, policies, and procedures for both internal use and external audits.
• Security Awareness Training:Develop and conduct security training programs for employees to improve awareness of common threats like phishing, social engineering, and best security practices
• Cloud and Container Security:Apply best practices for securing cloud infrastructure (AWS, GCP) and containerized environments (Kubernetes, Docker). Ensure the correct configuration and security of cloud resources.

What we’re looking for (Requirements)

• Educational Background:Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related technical field.
• Experience:2+ years of experience in a security analyst, security operations center (SOC), or penetration testing role.Experience with security tools such as SIEM, IDS/IPS, EDR, and firewalls.Strong understanding of network protocols, operating systems (Linux, Windows), and cloud security (AWS, GCP, Azure).
• Technical Skills:Proficiency with tools like Burp Suite, Nessus, Wireshark, Metasploit, and other security assessment tools.Familiarity with scripting or programming languages (Python, Bash, etc.) for automating tasks or writing custom tools.Knowledge of cloud security and DevOps practices, particularly securing Kubernetes and Docker environments.
• Preferred Certifications:
• Offensive Security Certified Professional (OSCP)
• Offensive Security Certified Expert (OSCE)
• Offensive Security Web Expert (OSWE)

We encourage you to apply even if your experience doesn't perfectly align with the job description as we seek out diverse and creative perspectives. Team members who love to learn and collaborate in an inclusive environment will flourish with us. We are an equal opportunity employer and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you need additional accommodations to feel comfortable during your interview process, reach out at [email protected].