Role Description As the leader in quantum technology and quantum infrastructure, we're expanding our security operations capability and looking for an SOC Analyst who is excited to help build and mature our detection and response function. You'll work in an environment that values collaboration, inclusivity, and great ideas — no matter where they come from. We promote teamwork, openness, and a culture where people are encouraged to share improvements and challenge the status quo in a constructive way. In this role, you'll handle the full lifecycle of monitoring, analyzing, and responding to security events across our environment. You'll combine quick, effective triage with deeper investigations, threat hunting, and hands-on remediation. You'll also have opportunities to influence tooling, detections, processes, and personal development as our team grows. Responsibilities: - Monitor SIEM, EDR, IDS/IPS, cloud security, and email security alerts for potential threats or abnormal activity. - Triage, validate, and investigate security alerts; identify false positives; escalate or resolve incidents as appropriate. - Perform in-depth analysis of suspicious activity and correlate logs across multiple systems to determine root cause, scope, and impact. - Execute containment and remediation actions such as host isolation, account lockdown, IOC blocking, vulnerability mitigation, and post-recovery validation. - Conduct proactive threat hunting based on threat intelligence, behavioral patterns, or hypothesis-driven analysis. - Support forensic data collection and examination (endpoint artifacts, system logs, cloud audit logs, etc.). - Analyze suspicious files, scripts, URLs, and domains using sandboxing, tooling, and threat intelligence sources. - Recommend and contribute to improvements in SIEM rules, detections, automation workflows, and security playbooks. - Participate in incident response activities, including documentation, communication with stakeholders, and post-incident reviews. - Monitor and maintain the health and accuracy of security tooling, connectors, and log ingestion pipelines. - Help improve security processes, policies, and standards as part of a growing team. - Maintain clear, organized case notes and produce reports when needed. - Opportunity to help shape a growing SOC and influence detection engineering, automation, and incident response processes. Qualifications - 1–3+ years of experience in a SOC, incident response, or security operations environment. - Hands-on experience with SIEM, EDR, and cloud security tools (e.g., Microsoft Sentinel, Defender XDR, Splunk, CrowdStrike, etc.). - Strong understanding of Windows, Linux, and/or macOS internals; identity security; authentication flows; and network fundamentals (TCP/IP, DNS, HTTP). - Familiarity with threat landscape, threat intelligence workflows, and MITRE ATT&CK. - Ability to write basic queries or scripts (KQL, SPL, PowerShell, Python, etc.). - Analytical thinker with strong troubleshooting skills and a structured approach to incident handling. - Clear communication skills and the ability to document technical findings concisely and accurately. - A commitment to doing work the right way — following sound processes, documenting thoroughly, and maintaining a high standard for quality and security operations. - A genuine desire to learn, grow, and continuously improve as the environment, tools, and challenges evolve. Preferred Qualifications - Experience with the Microsoft security stack (Sentinel, Defender for Endpoint/XDR, Entra ID Protection). - Experience with threat hunting, detection tuning, or security automation. - Certifications such as Security+, CySA+, SC-200, AZ-500, GCIH/GCED/GCIA, or equivalent. - Experience working in fast-paced, high-growth tech environments. Benefits - Comprehensive medical, dental, and vision plans. - Matching 401K. - Unlimited PTO and paid holidays. - Parental/adoption leave. - Legal insurance. - Home technology stipend. Location Ideally, this role will work onsite at our office located in Bothell, WA or College Park, MD. We are open to hybrid and remote options for the right candidate. Travel Minimal, less than 10% Compensation The approximate base salary range for this position is $83,430 - $109,232. The total compensation package includes base, bonus, and equity. Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity.

• Perform reviews and approvals for Antivirus Exclusions, Browser Extensions, Email Whitelisting, Firewall Rules, Software Installations, and General Security Guidance. • Complete out-of-band requests and Product Architecture (VDC) alignment/support within SLA targets. • Attend Architecture Committee and AI Committee meetings; provide security input and document decisions. • Ensure security controls are integrated into all reviewed projects and changes. • Maintain and update existing security reference architectures under Senior Director guidance. • Contribute to Technical Standards documentation and special projects (e.g., Polaris). • Apply risk assessment frameworks to ticketed requests and suggest compensating controls. • Support the vulnerability management exception process for assigned items. • Work with CT Security Engineering, Cyber Operations, and business units to apply consistent security best practices. • Escalate complex issues to the Senior Director and assist in policy enforcement. • Stay current with security trends, tools, and threats relevant to daily review tasks. • Recommend tactical improvements to streamline approval workflows.

• Perform reviews and approvals for Antivirus Exclusions, Browser Extensions, Email Whitelisting, Firewall Rules, Software Installations, and General Security Guidance. • Complete out-of-band requests and Product Architecture (VDC) alignment/support within SLA targets. • Attend Architecture Committee and AI Committee meetings; provide security input and document decisions. • Ensure security controls are integrated into all reviewed projects and changes. • Maintain and update existing security reference architectures under Senior Director guidance. • Contribute to Technical Standards documentation and special projects (e.g., Polaris). • Apply risk assessment frameworks to ticketed requests and suggest compensating controls. • Support the vulnerability management exception process for assigned items. • Work with CT Security Engineering, Cyber Operations, and business units to apply consistent security best practices. • Escalate complex issues to the Senior Director and assist in policy enforcement. • Stay current with security trends, tools, and threats relevant to daily review tasks. • Recommend tactical improvements to streamline approval workflows.

About Us dbt Labs is the pioneer of analytics engineering, helping data teams transform raw data into reliable, actionable insights. Since 2016, we’ve grown from an open source project into the leading analytics engineering platform, now used by over 90,000 teams every week, driving data transformations and AI use cases. As of February 2025, we’ve surpassed $100 million in annual recurring revenue (ARR) and serve more than 5,400 dbt Platform customers, including AstraZenica, Sky, Nasdaq, Volvo, JetBlue, and SafetyCulture. We’re backed by top-tier investors including Andreessen Horowitz, Sequoia Capital, and Altimeter. At our core, we believe in empowering data practitioners: - Reliable, high-quality data is the fuel that propels AI-powered data engineering.
 - AI is changing data work, fast. dbt’s data control plane keeps data engineers ahead of that curve. - We empower engineers to deliver reliable, governed data faster, cheaper, and at scale. dbt Labs is now synonymous with analytics engineering, defining the modern data stack and serving as the data control plane for enterprise teams around the world. And we’re just getting started.. We’re growing fast and building a team of passionate, curious people across the globe. Learn more about what makes us special by checking out our values. About the Security Team: The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt. Our small team size and wide scope of responsibilities require that we work intelligently to address the security needs of dbt's products. We aim to put yesterday's problems behind us through a mix of OSS/COTS solutions for commodity problems and using ingenuity to solve the rest. As a Senior Security Operations Engineer on the Detection & Response team, you will strengthen and maintain the company's security posture throughout the threat detection lifecycle from telemetry collection and continuous monitoring through threat detection, incident response, and security event management. You will serve as a subject matter expert for security operations across the dbt Labs' teams and technology infrastructure, including multi-cloud production environments, identity, endpoints, and SaaS technologies. In this role, you can expect to: - Participate in a 24/7 on-call rotation providing coverage for active security incidents, investigations, and security events across our global infrastructure. - Lead investigation and remediation of security incidents, coordinating cross-functional response efforts to minimize impact and recovery time. - Play a major role in bootstrapping an end to end D&R alert and investigation pipeline. - Triage and investigate security alerts from detection tools including Wiz Defend, Crowdstrike, and cloud security platforms to identify genuine threats and reduce false positives. - Develop and maintain detection rules, runbooks, and response procedures mapped to the company's threat model. - Automate alert triage workflows and improve mean time to detection and response through tooling and process enhancements, including leveraging AI enrichment and processing. - Collaborate with Infrastructure and Application Security teams to implement secure-by-design principles and remediate identified security issues. - Conduct security event analysis to identify policy violations, misconfigurations, and potential attack vectors before they become incidents. - Partner with our Enterprise Security & Technology team to enhance endpoint security controls and monitoring across endpoints (MacOS laptops & some Windows and Linux-based development environments). - Design and facilitate tabletop exercises and game days to test detection, response, recovery, and remediation capabilities. - Contribute to the maturation of the security incident response program through documentation, training, and process improvements. - Mentor junior security engineers and cross-functional team members on incident handling best practices. The only MUST-haves - Demonstrated ability to excel in high-pressure situations; we need someone who can make sound decisions during active security incidents and can calmly serve as incident commander with confidence. You are a good fit if you: - Have demonstrated experience working within security detection and response programs in cloud-native environments. - Have hands-on experience with security tooling, regardless of specific technology ( SIEM, SOAR, EDR, and CSPM tools) with a focus on detection engineering and alert tuning. - Are driven to automate and simplify. You're comfortable using AI to do this. We primarily use Python and Terraform, but we also leverage AI tools like Notion, Claude Code, and Cursor. - Think systematically about reducing false positives while maintaining comprehensive detection coverage. You want to automate as much as possible and make everyone’s life easier when they review an alert. - Are passionate about documenting processes and creating training materials that enable others to respond effectively. - Have experience working in Kubernetes-based production environments with extensive SaaS platform integration. - Communicate clearly with both technical and non-technical stakeholders during incidents and investigations. - Are comfortable working remotely as part of a globally distributed security team. - Have working knowledge of attacker TTPs and frameworks such as MITRE ATT&CK, and how to detect them using available telemetry. You care more about behaviors than specific IOCs. You'll have an edge if you: - Have experience with the tools we use, including: Okta, Wiz, Crowdstrike, Jamf, and Google Workspace. - Have experience working across cloud environments; we’re in AWS, Azure, and Google Cloud. - Can demonstrate measurable improvements you've made to time to a security program. - Have opinions about how a successful SecOps program should be measured. - Have built automated alert triage systems that significantly reduced false positive rates and reduced time-to-investigate. - Have experience with eDiscovery or digital forensics and incident response (DFIR) work. - Hold relevant certifications such as GCIH, GCIA, GCFA, or equivalent. - Have contributed to open source security tooling or detection content. - Have experience with bug bounty program management and vulnerability disclosure processes. - You have experience with data pipelines, or data analysis best practices. - Have familiarity with application-level detections, such as database security monitoring, detecting malicious queries, or abnormal application behavior. Qualifications - Have 8+ years of professional experience in security-related domains, including at least 4 years in security operations, incident response, threat hunting, or threat detection roles. - Have demonstrable experience leading security incident investigations and coordinating cross-team response efforts. - We understand that there are thousands of ways to get in to security, we encourage you to apply if you think you'd be a stellar applicant even if you don't check all the arbitrary boxes on this job description. We welcome applicants with diverse backgrounds and non-traditional experience. Compensation & Benefits Salary: We offer competitive compensation packages commensurate with experience, including salary, equity, and where applicable, performance-based pay. Our Talent Acquisition Team can answer questions around dbt Labs' total rewards during your interview process. In select locations (including Boston, Chicago, Denver, Los Angeles, Philadelphia, New York Metro, San Francisco, DC Metro, Seattle, Austin), an alternate range may apply, as specified below. - The typical starting salary range for this role is: $175,000 - $212,000 USD - The typical starting salary range for this role in the select locations listed is: $194,000 - $235,000 US Equity Stake Benefits - dbt Labs offers: - Unlimited vacation (and yes we use it!) - 401k w/3% guaranteed contribution - Excellent healthcare - Paid Parental Leave - Wellness stipend - Home office stipend, and more! *Equity or comparable benefits may be offered depending on the legal limitations What to expect in the hiring process (all video interviews unless accommodations are needed): - Interview with Talent Acquisition Partner - Interview with Hiring Manager - Team Interviews - Final Interview with VP of Security dbt Labs is an equal opportunity employer, committed to building an inclusive team that welcomes diverse perspectives, backgrounds, and experiences. Even if your experience doesn’t perfectly align with the job description, we encourage you to apply—we value potential just as much as a perfect resume. Want to learn more about our focus on Diversity, Equity and Inclusion at dbt Labs? Check out our DEI page. dbt Labs reserves the right to amend or withdraw the posting at any time. For employees outside the United States, dbt Labs offers a competitive benefits package. RSUs or comparable benefits may be offered depending on the legal or country limitations. Privacy Notice Supplement to Privacy Notice - Californians Supplement to Privacy Notice - EEA/UK