Product Security Analyst III

At ExtraHop, we’re on a mission to protect and empower the connected enterprise. We reveal what is happening in the very infrastructure that sustains businesses, lives, and communities, and ensure the integrity of networks, data, systems, and processes. Organizations rely on ExtraHop to provide visibility into the cyber threats, vulnerabilities, and network performance issues that evade their existing security and IT tools. With this insight, organizations can investigate smarter, stop threats faster, and keep operations running. Our mission is fueled by a profound social and moral responsibility to be the best at what we do, ensuring a secure world where everyone can thrive. If this sounds like a place you’d like to spend the next chapter of your career, we’d love to hear from you.  Position Summary By joining ExtraHop as a Product Security Analyst, you’ll directly contribute to strengthening the security posture and ensuring the secure operation of ExtraHop’s market-leading cyber security products. This is an opportunity to collaborate with top-tier professionals, to learn and innovate, and grow your skills in cyber, cloud and product security. You will play a key role in defining and running security operations, including security monitoring, incident response and vulnerability mitigation. Collaborating across teams and supporting ExtraHop’s production cloud service offering, your work will have a direct impact on the success of the company and your fellow colleagues. We are looking for candidates with prior cyber security operations and incident response experience and who have a good foundational understanding of web applications, public cloud infrastructure, Linux systems, and container technologies.  Key Responsibilities Work with security information & event management (SIEM), endpoint detection & response (EDR), network detection & response (NDR) tooling and other systems to perform security investigations Operate and improve SIEM, EDR, NDR and others tools; implement, evaluate and tune detection rules Implement tools and scripts to automate monitoring and response activities Perform and/or lead security incident response activities Perform threat hunting activities to proactively assess system activity and search for indicators of compromise Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections Contribute to vulnerability detection and response pipelines, including tools, reporting and tracking  Triage vulnerabilities; recommend and coordinate remediation actions  Collaborate with Product Security team members to contribute to standards, policies, procedures, documentation, and training  Other duties as assigned Required Qualifications 4+ years of experience in cyber security or closely related roles 2+ years of which should be hands-on experience specifically fulfilling security monitoring, threat hunting and incident response duties Bachelor's degree or equivalent experience in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical field Direct experience with a modern SIEM platform, including creating dashboards and searches, tuning detections, and responding to alerts Direct experience with server endpoint detection & response (EDR) Technical knowledge of Linux systems, web application security and cloud security, including security principles and best practices for cloud-based environments Proficient with security tools, including vulnerability scanners, ticketing systems Proficient with developing and refining Python code to integrate systems and automate response tasks Strong analytical skills to effectively manage and resolve security issues Proven ability to communicate complex security concepts Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each Preferred Qualifications Direct experience with Splunk Enterprise Security, Crowdstrike Falcon, and ExtraHop RevealX NDR Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), and common compute services and data stores Experience working with container-based environments (Kubernetes, Docker, etc.) Holds one or more security certifications The salary range for this role is $135,000 - $149,000 + bonus + benefits ABOUT EXTRAHOP ExtraHop is reinventing Network Detection and Response (NDR) to offer enterprises unparalleled visibility, context, and control against emerging threats. The platform integrates NDR with Network Performance Management (NPM), Intrusion Detection Systems (IDS), and forensics, providing a single, comprehensive solution. By decrypting and analyzing complete packet-level data at wire speed and leveraging cloud-scale machine learning, ExtraHop empowers Security Operations Centers (SOCs) to detect, investigate, and remediate modern cyber risks in real time across their entire hybrid infrastructure, including data center, cloud, and SASE environments. This comprehensive approach and market innovation have earned ExtraHop unique recognition as the only NDR vendor acknowledged as a leader by all major analyst firms, including the 2025 Gartner® Magic Quadrant for Network Detection and Response™, the 2025 Forrester® Wave for Network Analysis and Visibility, the 2024 IDC® Marketscape for NDR, and the 2025 Gigamon® Radar Report for Network Detection and Response. Since 2007, ExtraHop has consistently helped organizations worldwide extract in-depth network telemetry and contextual insights, affirming its commitment to protecting and empowering the connected enterprise. OUR VALUES Our culture is rooted in our five