Security Operations Analyst II

Founded in 1965, Prometheus is the largest privately held owner of apartments in the San Francisco Bay Area, with a portfolio of over 13,000 apartments in the Silicon Valley, Portland, and Seattle regions. We invest in real estate long-term and the focus on enduring quality drives every element of what we do - from our selection of locations to design decisions, reinvestments into our Neighborhoods and our operating strategy. 

We are proud to be a Certified B Corporation, part of a group of companies that meets the highest standards for using business as a force for good. We have more than 500 Prometheans, and have a home office in San Mateo, with satellite offices in Portland, Oregon, and in the Bay Area. We are a vertically integrated company with four main core competencies in-house: acquisitions/investments, development, value-add renovations, and operations/property management. Prometheus has a long history of award-winning approaches to what we do, receiving over 100 awards for design and excellence including Fortune Magazine’s list of 100 Best Small & Medium Companies, the 100 Best Workplaces for Women and Best Places to Work in the Bay Area.

We are focused on Good Living for the Greater Good. This means providing a true sense of home and belonging for our Neighbors and Prometheans and giving our time and resources to bring positive change locally and beyond. It also means supporting you in your career goals with the very best working experience, and that starts with us having fun in the work we do together.

Our IT Team is looking for a Security Operations Analyst II responsible for leading in-depth investigations and incident response to escalated events and be involved in security-based projects as well as manage security solutions/systems. This role correlates data across SIEM/XDR, identity, endpoint, network, and SaaS/cloud sources; determines true blast radius; separates routine administrative activity from attacker behavior; and coordinates containment and remediation with Infrastructure/IT.

• Security Operations: Lead investigations for escalated incidents such as account compromises, endpoint malware, suspicious network activity, and SaaS misuse. Correlate data across SIEM/XDR, identity/SSO, endpoint/EDR, network, and cloud/SaaS logs to build attack timelines, identify entry vectors, and assess lateral movement. Coordinate containment and remediation with Infrastructure/IT—disabling or recovering compromised accounts, isolating infected endpoints and removing malware, validating EDR coverage and system integrity, and confirming cleanup success. Produce clear, audit-ready incident documentation detailing scope, evidence, actions, timelines, decisions, and resolution rationale. Act as an escalation point for the Service Desk and junior analysts, provide real-time guidance, and apply chain-of-custody and evidence-preservation practices for high-severity events, maintaining case files with hashes, screenshots, and IOC/IOA sets.
• Detection, Playbooks, Threat Intelligence, and Continuous Improvement Response: Tune and improve detections, automate repetitive workflows, and drive incident response improvements. Refine existing rules and propose new use cases based on investigations and recurring patterns; enrich cases with threat intelligence (IOCs and TTPs) and incorporate those learnings into future detections and playbooks; Contribute and evolve response playbooks for major incident types (account compromise, endpoint malware, SaaS abuse, suspicious network activity), participate in post-incident reviews with root-cause analyses and practitioner-level technical narratives, and recommend prioritized, practical prevention and mitigation improvements. Conduct targeted threat hunts (e.g., OAuth abuse, living-off-the-land binaries, credential-stuffing against legacy protocols), define and track alert-quality KPIs (true/false positive ratios, suppression coverage), and collaborate to improve MTTD/MTTR.

Our Security Operations Analyst II possesses the following experience, skills and abilities and be able to explain and demonstrate that they can perform the essential functions of the job, with or without reasonable accommodation, using some other combination of knowledge, skills, and abilities:

• Bachelor’s Degree in the field of Computer Science, technology, or a related area with a master’s degree preferred.
• 2–5 years in Security Operations or Infrastructure/IT Operations with a security focus.
• 2+ years Windows/sysadmin experience; macOS/Linux a plus.
• 2+ years core networking (IP, DNS, ports, VPN, firewalls).
• Hands-on experience with SIEM/XDR, EDR, identity/SSO, and cloud/SaaS logs.
• Able to read Windows event logs, perform basic endpoint triage, and apply MITRE ATT&CK for triage.
• Strong written/verbal communication and incident leadership skills.
• CompTIA Security+ required and other security certifications preferred.