Job Description
<div class="content-intro"><p>Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including GitHub, Yelp, Paramount, and JetBlue.</p>
<p>We're building a more trustworthy Internet. Come join us.</p></div><h2><strong>CSOC Analyst - London, UK</strong></h2>
<p>Fastly is seeking a CSOC Analyst to join our dedicated Customer Security Operations Centre. In this role, you will be a frontline defender for Fastly’s global enterprise customers. You will leverage our edge cloud platform and an array of security products to monitor traffic, detect sophisticated anomalies, and deploy real-time mitigations against DDoS, Bot and Web Application attacks.</p>
<p>This is a high-impact role where you act as a strategic partner for our Managed Security Service (MSS) clients, providing the expert visibility and rapid response necessary to address internet-scale threats.</p>
<h3><strong>What you’ll Do: </strong></h3>
<ul>
<li>
<p>Active Incident Response: Lead the identification and mitigation of high-impact security events. You will analyze sophisticated traffic patterns and implement precise countermeasures, including rate limiting and custom WAF Security rules, to neutralize threats in real time.</p>
</li>
<li>
<p>Managed Security Delivery: Serve as a primary security consultant for MSS Customers. This involves continuous tuning and refining of security policies to optimize detection accuracy and maintaining a hardened security posture tailored to each client's unique environment.</p>
</li>
<li>
<p>Advanced Threat Hunting: Conduct data-driven investigations using log analysis to uncover potential threats and hardening opportunities.</p>
</li>
<li>
<p>Security Intelligence Reporting: Author comprehensive After Action Reports (AARs) and monthly security summaries. You will translate complex telemetry and attack data into high-level actionable insights for customer stakeholders.</p>
</li>
<li>
<p>Strategic Communication: Act as the Subject Matter Expert (SME) during active security incidents. You will provide clear, calm, and professional guidance via real-time communication channels, ensuring customers are informed and confident in our defensive strategy.</p>
</li>
</ul>
<h3><strong>What we are looking for: </strong></h3>
<ul>
<li>
<p>Web Security Expertise: Comprehensive understanding of the OWASP Top 10 and advanced attack vectors (e.g., Credential Stuffing, API Abuse, and Layer 7 DDoS). You can interpret raw payloads to distinguish between malicious intent and legitimate traffic.</p>
</li>
<li>
<p>Protocol Proficiency: Deep technical knowledge of the internet stack, specifically HTTP/S, TCP/IP, DNS, and TLS. You should be comfortable analyzing handshake processes, header structures, and status codes.</p>
</li>
<li>
<p>Analytical Rigor: A methodical approach to digital forensics and incident response. You possess the ability to correlate disparate data points within JSON or CSV logs to reconstruct an attack narrative.</p>
</li>
<li>
<p>Communication Excellence: The ability to distill complex technical findings into concise, professional, and empathetic communications for both technical and non-technical audiences.</p>
</li>
</ul>
<h3><strong>We’ll be super impressed if you have experience in any of these: </strong></h3>
<ul>
<li>
<p>Proficiency in Python or Bash for log parsing and workflow automation.</p>
</li>
<li>
<p>Experience with Infrastructure as Code/Security as Code (SaC) (Terraform) or edge-based configurations.</p>
</li>
<li>
<p>Industry-standard certifications such as ... (truncated, view full listing at source)