At WHOOP, we are on a mission to unlock human performance and extend healthspan. The security organization supports this mission by protecting the systems, data, and infrastructure that power the platform and enable trusted member experiences.
WHOOP is seeking a Security Analyst to support day-to-day security operations and maintain operational visibility across the security environment. This role works closely with the internal security team and external security partners to investigate alerts, coordinate response activities, and ensure security issues are triaged and addressed efficiently.
The ideal candidate combines strong analytical skills with operational discipline and enjoys working across security and engineering teams to investigate potential threats and improve security processes.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
Triage and investigate security alerts originating from internal security tooling as well as those escalated by external security monitoring partners.
Monitor and manage the internal security operations ticket queue, ensuring alerts and investigations are prioritized, tracked, and resolved in a timely manner.
Assist with investigation of security events across endpoint, identity, cloud, and SaaS platforms.
Support incident response activities including investigation, containment coordination, documentation, and post-incident analysis.
Respond to external threat intelligence and digital risk alerts related to potential brand abuse, impersonation, or exposed credentials.
Collaborate with security engineering teams and external security partners to improve detection coverage and reduce false positives.
Help identify gaps in logging, telemetry, or investigation workflows across security platforms.
Assist with threat hunting and security investigations using data from SIEM and other security tools.
Support vulnerability management workflows by assisting with triage, prioritization, and tracking of remediation activities.
Own and manage the security operations queue while serving as a central intake point for security questions, alerts, and reports across the organization, ensuring items are triaged, prioritized, and driven through investigation or resolution.
Operate the organization’s phishing simulation program to reduce susceptibility to social engineering threats, including managing phishing campaigns and coordinating targeted remediation training for users with repeated failures.
Identify opportunities to improve security operations through process improvements, automation, and responsible use of AI to streamline investigation, triage, and reporting workflows.
Maintain documentation for incident response procedures, investigation workflows, and operational playbooks.
Participate in the security team’s on-call rotation to support investigation and response activities when needed.
3+ years of experience in security operations, incident response, threat detection, or a related cybersecurity role.
Experience investigating security alerts or suspicious activity across environments such as endpoint, identity, cloud, or SaaS systems.
Experience triaging and managing security investigation workflows, including ticket queues or incident tracking systems.
Familiarity with SIEM platforms, log analysis, and security monitoring tools.
Understanding of common attacker techniques and frameworks such as MITRE ATT&CK.
Experience working with security tools such as EDR platforms, identity systems, cloud logging platforms, or similar technologies.
Familiarity with modern AI-enabled tools used in enterprise environments and an understanding of risks associated.
Experience improving security operations through automation, scripting, or responsible use of AI to increase operational efficiency.
Strong analytical and investigative skills with the ability to evaluate security events and determine potential impact.
Ability to coordinate investigations across multiple teams and communicate findings clearly to technical and non-technical stakeholders.
Strong written documentation skills for incident records, investigation notes, and operational procedures.
Relevant security certifications such as Security+, CySA+, SSCP, GSEC, or GCIH are a plus.
Boston
