
General Information

Location: Bucharest, Romania
Role ID
212859
Worker Type
Regular Employee
Studio/Department
CT - Security
Flexible Work Arrangement
Hybrid

Description & Requirements

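Electronic Arts creates next-level entertainment experiences that inspire players and fans around the world. Here, everyone is the hero of the story. An active community, connected across the globe. A place full of creativity, where new perspectives are encouraged and good ideas matter. A team where everyone can make play happen.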

Position Overview

Provide 24×7 monitoring for security alerts and incidents (eyes on the glass). Work with different security tools to analyze data to confirm or rule out an incident, and assist with all Intellectual Property (IP) incidents. The Security Operations Analyst is the first point of contact for EA internal security inquiries and collaborates with all security pillars and IT teams to resolve ongoing security incidents. Participate in building new detections based on observed trends and create searches, visualizations, dashboards, and alerts.

Responsibilities:

  • Monitor/detect/investigate security alerts received from EDR, IDS/IPS, SaaS/IaaS, and malware protection tools into the SIEM.
  • Monitor email and Slack for security notifications or requests.
  • Execute response actions per playbook (e.g., isolation, blocking, credential resets) and escalate per workflow.
  • Participate in shifts/on‑call to ensure 24×7 coverage.
  • Track potential security incidents in the ticketing platform, own and drive resolution.
  • Perform daily follow‑ups on outstanding cases.
  • Coordinate with other EA teams to resolve or escalate security alerts.
  • Investigate incidents detected in SIEM and those reported by users over email/Slack.
  • Suggest improvements to processes and workflows.
  • Assist with security tools/endpoint agent deployments.
  • Meet SLAs for internal tickets and track SLAs for tickets opened to other teams.
  • Send security notifications to users when required.
  • Support security automation tools with information on new incident types/patterns observed.
  • Provide root cause analysis where possible.
  • Escalate incidents/alerts to the next level per agreed workflows.
  • Provide support services to internal users for deployed endpoint solutions.
  • Use diverse tools to gather information necessary to resolve incidents.
  • Investigate cloud logs for anomalies.
  • Test new security alerts that are candidates for 24×7 monitoring and propose new alerts for implementation.

 

Required Skills:

  • Understanding of security principles and common security techniques/technologies.
  • Experience with virtual environments (ESX, QEMU, VirtualBox, etc.).
  • Experience with endpoint protection solutions.
  • Basic Active Directory knowledge.
  • Incident Response knowledge/experience.
  • Basic networking knowledge.
  • Cloud fundamentals.

 

Nice to Have:

  • Scripting knowledge (bash, Python, PowerShell, etc.).
  • Experience with Security Information and Event Management tools.
  • Industry certifications (e.g., CompTIA Security+, CEH, CCNA).
  • Linux certifications (e.g., LPIC‑1, LFCE).

 

Success Measures (SOC‑aligned):

  • SLA attainment on ticket handling and escalations.
  • MTTA/MTTD within targets for assigned alert classes.
  • Investigation quality (complete timelines, evidence, and accurate classification).
  • Documented process/runbook improvements and alert proposals per quarter.

 



Electronic Arts
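We have a broad portfolio of games and rich experiences, locations around the world, and a wealth of opportunities across EA. We place great value on adaptability, resilience, creativity, and curiosity. We offer leadership roles that let you realize your potential, make room for learning and experimentation, and empower you to do great work and pursue opportunities for growth.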

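We take a holistic approach to our benefits programs, emphasizing physical, emotional, financial, career, and community wellness to support a balanced life. Our packages are tailored to meet local needs and may include healthcare coverage, mental health support, retirement savings, paid time off, family leave, complimentary games, and more. We foster a harmonious environment where every team can always do its best work.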

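Electronic Arts is an equal opportunity employer. Employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, military service status, or any other characteristic protected by law. We will also consider qualified applicants with criminal records for employment, in accordance with applicable law. EA also provides workplace accommodations for qualified individuals with disabilities as required by applicable law.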