Security Analyst

1 week ago


Bucharest, Bucureşti, Romania Publicis Full time

Company description

Tremend is the newest global software engineering hub for Publicis Sapient. For over 20 years, the company has been infusing its advanced technical expertise into complex and innovative solutions that meet today's digital transformation needs and pave the way for a better and smarter future. By joining forces with Publicis Sapient we're accelerating the impact, providing a good mix of talented engineers, technology, continuous improvement, innovation, and R&D. Here, you'll have the opportunity to unleash your potential, powering up advanced software solutions for some of the world's most iconic brands. Embrace your passion for technology, creativity, and continuous improvement, and join us in making a difference through engineering.

Overview

The Security Analyst will be part of the 24×7 Security Operations team responsible for continuous monitoring, triage, and initial response across SIEM, EDR, Kubernetes security tools, and cloud platforms. The role involves real-time detection, first-level containment, and accurate escalation for incidents affecting Kubernetes clusters, workloads, application nodes, and databases.

Responsibilities

* Real-time monitoring of alerts from SIEM, EDR, Kubernetes security platforms, CSPM, and cloud-native logs.
* Triage of events related to:
  * Kubernetes clusters (API server access logs, audit logs, kubelet logs)
  * Container runtime anomalies
  * Suspicious pod or deployment behavior
  * Unauthorized configuration changes (RBAC, network policies)
* Perform first-level investigations on:
  * Pod/container compromises
  * Lateral movement within clusters
  * Suspicious container images
  * Failed authentications to Kubernetes APIs
* Follow SOPs to take initial containment actions such as:
  * Isolating compromised nodes or VMs
  * Triggering automated quarantine for containers
  * Revoking credentials or tokens
* Escalate Kubernetes-related incidents to Tier 2 engineering teams with full context.
* Maintain detailed investigation records in the case management system.
* Identify false positives/noisy alerts in container security and suggest tuning improvements.
* Provide structured end-of-shift handovers for 24×7 operations.
* Participate in continuous learning on emerging Kubernetes threats, cloud-native attack vectors, and Linux-based compromise techniques.

Qualifications

Required

* 2-3+ years working in a SOC or cybersecurity operations role.
* Experience analyzing Linux events (as most Kubernetes nodes are Linux-based).
* Understanding of Kubernetes architecture: API Server, kubelet, etcd, scheduler, pods, containers, namespaces.
* Familiarity with:
  * Kubernetes audit logs
  * Cloud-native logs (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
  * Container runtime basics (containerd, CRI-O, Docker)
* Experience with EDR/SIEM investigations and common TTPs (LOTL, lateral movement, privilege escalation).
* Knowledge of basic detection areas:
  * Suspicious container spawning
  * Privileged pod creation
  * Unauthorized exec into pods
* Strong communication, documentation, and analytical skills.
* Willingness to work in rotating 24×7 shifts.

Preferred

* Certifications: Security+, CySA+, GSEC, CKAD or KCNA basics.
* Familiarity with Falco, Aqua, Prisma Cloud, Wiz, Sysdig, or similar tools.

Additional information

Besides an exciting job in a tremendous team, here's what you can expect:

* A fast-paced tech environment
* Continuous growth & learning
* Open feedback culture
* Room for own initiative & ideas
* Transparency about results & strategy
* Recognition & reward for hard work
* Working with a flexible schedule
* Medical subscription
* Meal tickets
* Extra vacation days - starting with 25 vacation days
* Many other perks


