
Technology and Engineering

Security Analyst

  • Job ID: 2025-132262
  • Lascar Catargiu Boulevard 47 - 53 Bucharest 010665 Romania
  • Full-time

Job Description

The Security Analyst will be part of the 24×7 Security Operations team responsible for continuous monitoring, triage, and initial response across SIEM, EDR, Kubernetes security tools, and cloud platforms. The role involves real-time detection, first-level containment, and accurate escalation for incidents affecting Kubernetes clusters, workloads, application nodes, and databases.

Responsibilities

• Real-time monitoring of alerts from SIEM, EDR, Kubernetes security platforms, CSPM, and cloud-native logs.
• Triage of events related to:
  • Kubernetes clusters (API server access logs, audit logs, kubelet logs)
  • Container runtime anomalies
  • Suspicious pod or deployment behavior
  • Unauthorized configuration changes (RBAC, network policies)
• Perform first-level investigations on:
  • Pod/container compromises
  • Lateral movement within clusters
  • Suspicious container images
  • Failed authentications to Kubernetes APIs
• Follow SOPs to take initial containment actions such as:
  • Isolating compromised nodes or VMs
  • Triggering automated quarantine for containers
  • Revoking credentials or tokens
• Escalate Kubernetes-related incidents to Tier 2 engineering teams with full context.
• Maintain detailed investigation records in the case management system.
• Identify false positives/noisy alerts in container security and suggest tuning improvements.
• Provide structured end-of-shift handovers for 24×7 operations.
• Participate in continuous learning on emerging Kubernetes threats, cloud-native attack vectors, and Linux-based compromise techniques.

Qualifications

Required
• 2–3+ years working in a SOC or cybersecurity operations role.
• Experience analyzing Linux events (as most Kubernetes nodes are Linux-based).
• Understanding of Kubernetes architecture: API Server, kubelet, etcd, scheduler, pods, containers, namespaces.
• Familiarity with:
  • Kubernetes audit logs
  • Cloud-native logs (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
  • Container runtime basics (containerd, CRI-O, Docker)
• Experience with EDR/SIEM investigations and common TTPs (LOTL, lateral movement, privilege escalation).
• Knowledge of basic detection areas:
  • Suspicious container spawning
  • Privileged pod creation
  • Unauthorized exec into pods
• Strong communication, documentation, and analytical skills.
• Willingness to work in rotating 24×7 shifts.

Preferred
• Certifications: Security+, CySA+, GSEC, CKAD or KCNA basics.
• Familiarity with Falco, Aqua, Prisma Cloud, Wiz, Sysdig, or similar tools.

Additional Information

Besides an exciting job in a tremendous team, here's what you can expect:

  • A fast-paced tech environment
  • Continuous growth & learning
  • Open feedback culture
  • Room for own initiative & ideas
  • Transparency about results & strategy
  • Recognition & reward for hard work
  • Working with a flexible schedule 
  • Medical subscription
  • Meal tickets
  • Extra vacation days - starting with 25 vacation days
  • Many other perks

Company Description

Tremend is the newest global software engineering hub for Publicis Sapient. For over 20 years, the company has been infusing its advanced technical expertise into complex and innovative solutions that meet today's digital transformation needs and pave the way for a better and smarter future. By joining forces with Publicis Sapient we're accelerating the impact, providing a good mix of talented engineers, technology, continuous improvement, innovation, and R&D. Here, you'll have the opportunity to unleash your potential, powering up advanced software solutions for some of the world's most iconic brands. Embrace your passion for technology, creativity, and continuous improvement, and join us in making a difference through engineering.


Publicis Sapient is aware of scams involving false offers of employment with our company. The false interviews and job offers use fake websites, email addresses, group chat and text messages. We never interview prospective candidates via instant message or group chat, nor do we require candidates to purchase products or services, or process payments on our behalf as a condition of any employment offer. For more information or if you have been targeted please reach out here.

As part of our dedication to an inclusive and diverse workforce, Publicis Sapient is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at hiring@publicissapient.com or you may call us at +1-617-621-0200.
