Company description
Tremend is the newest global software engineering hub for Publicis Sapient. For over 20 years, the company has been infusing its advanced technical expertise into complex and innovative solutions that meet today's digital transformation needs and pave the way for a better and smarter future. By joining forces with Publicis Sapient we're accelerating the impact, providing a good mix of talented engineers, technology, continuous improvement, innovation, and R&D. Here, you'll have the opportunity to unleash your potential, powering up advanced software solutions for some of the world's most iconic brands. Embrace your passion for technology, creativity, and continuous improvement, and join us in making a difference through engineering.
Overview
The Security Analyst will be part of the 24×7 Security Operations team responsible for continuous monitoring, triage, and initial response across SIEM, EDR, Kubernetes security tools, and cloud platforms. The role involves real-time detection, first-level containment, and accurate escalation for incidents affecting Kubernetes clusters, workloads, application nodes, and databases.
Responsibilities
Real-time monitoring of alerts from SIEM, EDR, Kubernetes security platforms, CSPM, and cloud-native logs.
Triage of events related to:
Kubernetes clusters (API server access logs, audit logs, kubelet logs)
Container runtime anomalies
Suspicious pod or deployment behavior
Unauthorized configuration changes (RBAC, network policies)
Perform first-level investigations on:
Pod/container compromises
Lateral movement within clusters
Suspicious container images
Failed authentications to Kubernetes APIs
Follow SOPs to take initial containment actions such as:
Isolating compromised nodes or VMs
Triggering automated quarantine for containers
Revoking credentials or tokens
Escalate Kubernetes-related incidents to Tier 2 engineering teams with full context.
Maintain detailed investigation records in the case management system.
Identify false positives/noisy alerts in container security and suggest tuning improvements.
Provide structured end-of-shift handovers for 24×7 operations.
Participate in continuous learning on emerging Kubernetes threats, cloud-native attack vectors, and Linux-based compromise techniques.
Qualifications
Required
2-3+ years working in a SOC or cybersecurity operations role.
Experience analyzing Linux events (as most Kubernetes nodes are Linux-based).
Understanding of Kubernetes architecture: API Server, kubelet, etcd, scheduler, pods, containers, namespaces.
Familiarity with:
Kubernetes audit logs
Cloud-native logs (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
Container runtime basics (containerd, CRI-O, Docker)
Experience with EDR/SIEM investigations and common TTPs (LOTL, lateral movement, privilege escalation).
Knowledge of basic detection areas:
Suspicious container spawning
Privileged pod creation
Unauthorized exec into pods
Strong communication, documentation, and analytical skills.
Willingness to work in rotating 24×7 shifts.
Preferred
Certifications: Security+, CySA+, GSEC, CKAD or KCNA basics.
Familiarity with Falco, Aqua, Prisma Cloud, Wiz, Sysdig, or similar tools.
Additional information
Besides an exciting job in a tremendous team, here's what you can expect:
A fast-paced tech environment
Continuous growth & learning
Open feedback culture
Room for own initiative & ideas
Transparency about results & strategy
Recognition & reward for hard work
Working with a flexible schedule
Medical subscription
Meal tickets
Extra vacation days - starting with 25 vacation days
Many others perks
