About Certora

Certora is the security assurance partner trusted by the most advanced teams in Web3. Founded in 2018 by pioneers in programming languages and formal methods, Certora helps leading protocols like Lido, Aave, Uniswap, and Compound secure billions in value with confidence.

But we’re not just another auditor. We’re a full-stack security assurance platform, combining best-in-class formal verification tools with expert advisory services, delivered on time and with zero compromise. Whether you’re launching a new protocol, upgrading core infrastructure, or securing a DeFi primitive, Certora doesn’t just look for vulnerabilities. We help you prove correctness, accelerate your development speed, and embed safety into your design from day one.

With Certora, you get:

- Proven, scalable tooling for checking real deployed code

- A deep partnership model with on-demand support

- Fast, responsive execution that helps you go-to-market faster

For us, security isn’t a checklist, it’s a continuous process. Certora is the most comprehensive and trusted platform to ensure your platform is protected, even under adversarial conditions. From testnet to mainnet, we’re with you.

About the Role

Certora is looking for an experienced SOC Analyst – Web2 Security Operations to join our Security Operations team.

This role is focused on security monitoring, investigation, incident response, and operational improvement across Web2 environments. It is designed for a security professional who can take ownership of security events from initial triage through full investigation and response, while working effectively across internal teams and customer-facing situations.

This role goes beyond alert monitoring and triage. It requires strong investigative capabilities, including event research, enrichment, root-cause analysis, and building a clear operational understanding of incidents across multiple systems and data sources. We are looking for someone with strong Web2 security fundamentals and hands-on experience in SOC operations, detection, and incident response. Familiarity with Web3 security environments is a strong advantage, but not a requirement.

This is a non-shift position. However, availability outside business hours is required in the event of critical incidents.

Key Responsibilities

• Perform day-to-day SOC operations, including alert handling, triage, escalation, and response coordination

• Lead end-to-end security incident investigations and response activities across Web2 environments

• Investigate and analyze security events across SIEM, EDR, cloud, identity, endpoint, and other operational data sources

• Conduct deep event research and enrichment to establish context, assess impact, and support decision-making during incidents

• Perform root-cause analysis and build a clear operational understanding of incidents across multiple systems and environments

• Develop, tune, and optimize detection rules, thresholds, and correlation logic to improve signal quality and reduce false positives

• Improve monitoring coverage and operational effectiveness through better alerting, enrichment, and investigation workflows

• Produce clear investigation reports, technical findings, and executive-level summaries

• Work directly with customers during active security events in a professional and structured manner

• Develop and maintain playbooks, runbooks, and operational procedures

• Build and maintain automations using scripting, SOAR platforms, and API-based workflows

• Contribute to cross-functional security initiatives and continuous improvement of team processes

• Support investigations involving Web3-related events when relevant

• Fluent English, with the ability to communicate clearly and professionally in both written and verbal form

Mandatory Requirements

• 3+ years of experience as a SOC Analyst, Incident Responder, or in a similar security operations role

• Proven experience handling security incidents end-to-end

• Strong hands-on experience in SOC operations, incident response, and security investigations

• Strong knowledge of Web2 security fundamentals across endpoint, identity, cloud, and networked environments

• Advanced hands-on experience with Splunk or a similar SIEM platform, including:

  • writing and tuning detection rules

  • parsing and data onboarding

  • understanding SIEM architecture

  • detection optimization and correlation logic

• Experience working with EDR solutions such as SentinelOne, CrowdStrike, Microsoft Defender, or similar

• Strong threat hunting and complex query-writing capabilities

• Experience analyzing alerts, tuning thresholds, and improving signal quality to reduce false positives

• Experience building automations and writing scripts using Python, Bash, and APIs

• Experience working directly with customers during security incidents or security operations engagements

• Ability to work independently, take ownership, and drive tasks through to completion

• Fluent English, with strong written and verbal communication skills

• Ability to work effectively in a remote environment while maintaining clear, proactive, and structured communication with the team lead and the rest of the team

Nice to Have

• Familiarity with Web3 security investigations, including transaction analysis, wallet activity, smart contract-related incidents, and on-chain context

• Experience investigating security events in hybrid Web2 / Web3 environments

• Experience with SOAR platforms

• Cloud security experience in AWS / Azure / GCP

• Experience working in a startup or high-growth environment

• Strong incident response methodology knowledge, including root-cause analysis and lessons-learned processes

Who You Are

• Independent, accountable, and comfortable taking ownership end-to-end

• Proactive, hands-on, and solution-oriented

• A strong communicator and team player, with the ability to work remotely while maintaining clear and structured reporting

• Fast learner, able to quickly ramp up on new technologies, domains, and attack patterns

• Analytical and methodical, with strong investigative and root-cause analysis skills

• Able to communicate technical findings clearly to both technical and non-technical stakeholders

• Process-oriented, with a continuous improvement mindset

• Automation-driven and focused on operational efficiency

Certora People

We are Customer Centric, when we commit, the customer knows we will deliver in a quality and timely manner.

We Move Fast - we’re looking for people with a bias for action and a sense of urgency to achieve quick results while we also Break Nothing – we have high-quality standards, we are looking for people who are professional and hold themselves accountable.

We win as a Team – our teams are distributed around the world. We understand our individual roles and commit to the team's goals.

We have a positive “can do” attitude. We support each other and are encouraged to ask for help and advice. We enable people to grow by clarifying expectations and giving candid feedback and on-the-job development opportunities. We welcome collaboration both internally and externally for outstanding delivery.

We are Pioneers in DeFi security. We are one of the best companies to help developers and security researchers secure Web3, but we try to stay humble and are always eager to learn more.

Why join Certora?

Certora provides you a wonderful opportunity to:

• Work on cutting-edge technology and challenging problems at the forefront of Web3 applications and technologies

• Contribute to securing the web3 ecosystem with the leading provider of end-to-end security for blockchain-based applications

• Experience a friendly creative start-up environment with top talent in the domain

• Work in a fast-paced and supportive culture: we move fast and break nothing!

• Enjoy flexible work (remote / hybrid)

• Get competitive compensation & benefits (including equity)

Department

Security

Role

SOC Analyst

Locations

Argentina, Brazil, India, Vietnam, Israel, Philippines, Colombia

Remote status

Fully Remote

Employment type

Full-time