Security Operations Analyst II

ABOUT PROMETHEUS

Founded in 1965, Prometheus is the largest privately held owner of apartments in the San Francisco Bay Area, with a portfolio of over 13,000 apartments in the Silicon Valley, Portland, and Seattle regions. We invest in real estate long-term and the focus on enduring quality drives every element of what we do - from our selection of locations to design decisions, reinvestments into our Neighborhoods and our operating strategy. 

We are proud to be a Certified B Corporation, part of a group of companies that meets the highest standards for using business as a force for good. We have more than 500 Prometheans, and have a home office in San Mateo, with satellite offices in Portland, Oregon, and in the Bay Area. We are a vertically integrated company with four main core competencies in-house: acquisitions/investments, development, value-add renovations, and operations/property management. Prometheus has a long history of award-winning approaches to what we do, receiving over 100 awards for design and excellence including Fortune Magazine’s list of 100 Best Small & Medium Companies, the 100 Best Workplaces for Women and Best Places to Work in the Bay Area.

OUR PURPOSE

We are focused on Good Living for the Greater Good. This means providing a true sense of home and belonging for our Neighbors and Prometheans and giving our time and resources to bring positive change locally and beyond. It also means supporting you in your career goals with the very best working experience, and that starts with us having fun in the work we do together.

YOUR ROLE AND IMPACT

Our IT Team is looking for a Security Operations Analyst II responsible for leading in-depth investigations and incident response to escalated events and be involved in security-based projects as well as manage security solutions/systems. This role correlates data across SIEM/XDR, identity, endpoint, network, and SaaS/cloud sources; determines true blast radius; separates routine administrative activity from attacker behavior; and coordinates containment and remediation with Infrastructure/IT.

• Security Operations: Lead investigations for escalated incidents such as account compromises, endpoint malware, suspicious network activity, and SaaS misuse. Correlate data across SIEM/XDR, identity/SSO, endpoint/EDR, network, and cloud/SaaS logs to build attack timelines, identify entry vectors, and assess lateral movement. Coordinate containment and remediation with Infrastructure/IT—disabling or recovering compromised accounts, isolating infected endpoints and removing malware, validating EDR coverage and system integrity, and confirming cleanup success. Produce clear, audit-ready incident documentation detailing scope, evidence, actions, timelines, decisions, and resolution rationale. Act as an escalation point for the Service Desk and junior analysts, provide real-time guidance, and apply chain-of-custody and evidence-preservation practices for high-severity events, maintaining case files with hashes, screenshots, and IOC/IOA sets.
• Detection, Playbooks, Threat Intelligence, and Continuous Improvement Response: Tune and improve detections, automate repetitive workflows, and drive incident response improvements. Refine existing rules and propose new use cases based on investigations and recurring patterns; enrich cases with threat intelligence (IOCs and TTPs) and incorporate those learnings into future detections and playbooks; Contribute and evolve response playbooks for major incident types (account compromise, endpoint malware, SaaS abuse, suspicious network activity), participate in post-incident reviews with root-cause analyses and practitioner-level technical narratives, and recommend prioritized, practical prevention and mitigation improvements. Conduct targeted threat hunts (e.g., OAuth abuse, living-off-the-land binaries, credential-stuffing against legacy protocols), define and track alert-quality KPIs (true/false positive ratios, suppression coverage), and collaborate to improve MTTD/MTTR.

HERE’S MORE OF THE NITTY-GRITTY:

Our Security Operations Analyst II possesses the following experience, skills and abilities and be able to explain and demonstrate that they can perform the essential functions of the job, with or without reasonable accommodation, using some other combination of knowledge, skills, and abilities:

• Bachelor’s Degree in the field of Computer Science, technology, or a related area with a master’s degree preferred.
• 2–5 years in Security Operations or Infrastructure/IT Operations with a security focus.
• 2+ years Windows/sysadmin experience; macOS/Linux a plus.
• 2+ years core networking (IP, DNS, ports, VPN, firewalls).
• Hands-on experience with SIEM/XDR, EDR, identity/SSO, and cloud/SaaS logs.
• Able to read Windows event logs, perform basic endpoint triage, and apply MITRE ATT&CK for triage.
• Strong written/verbal communication and incident leadership skills.
• CompTIA Security+ required and other security certifications preferred.

COMPENSATION AND BENEFITS

We offer a variety of benefits that take compensation well beyond a paycheck. This includes traditional benefits and benefits you might not expect or know about. The salary range provided is based on a number of factors, including location, job-related skills, experience, and qualifications.  

Compensation

• Pay Range: $105,000.00 to $135,000.00 per year
• Discretionary Annual Bonus Plan

Benefits & Perks

• Medical; Vision; Dental:100% Company-paid plans (including eligible dependents) and affordable buy-up options
• Life Insurance; Accidental Death & Dismemberment Insurance; Long Term Disability
• Behavioral Health Program Accessible 24/7
• Tax-Free Flexible Spending Accounts
• 401(K) Retirement Plan with Employer Matching
• Recognition & Rewards Program (Torch)
• Vacation: 10 days per year with accrual increase overtime
• Anniversary Vacation: 40-hour Vacation Granted at Tenured Milestones
• Sick Leave: 9 days per year
• 12 paid holidays, including your birthday!
• Paid Volunteer Time
• Tenure-based Housing discounts
• Educational Assistance, Tuition Reimbursement
• Referral Bonus
• Hybrid Work Schedule

Learn more about these and other perks of being a Promethean by exploring our full Benefits Guide.

Prometheus is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or any other status protected under federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

If you'd like more information about your EEO rights as an applicant under Federal Employment Laws, please check out these FMLA, EEO, and EPPA pages.