Senior Security Operations Center Analyst

Alteryx

IT, Operations
Bengaluru, Karnataka, India
Posted on Mar 30, 2026

Meet the Moment with Alteryx

We're living through a once-in-a-generation shift in how work gets done. Data, automation, and AI are quickly becoming the center of every business decision - and Alteryx is leading the transformation.

You'll be working on the challenges that sit at the heart of modern business. No matter your role, the work you do will help organizations move faster, see more clearly, and tackle questions that used to feel impossible.

If you're ready to meet the moment with innovation, curiosity, and excellence, there's a place for you here.

Senior Security Operations Center (SOC) Analyst

Alteryx is searching for a Senior Security Operations Analyst in India. We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

Position Overview

As a member of the Security Operations team, you will be on the front line of protecting Alteryx products, infrastructure, and applications. You will triage and investigate alerts, lead incident response activities, and improve detection coverage and response outcomes across endpoint, identity, SaaS, and multi-cloud environments (AWS, Azure, GCP). This role is SOC-focused and is intended for a Senior level analyst with demonstrated depth in one or more of the following areas: Forensics, Cloud Security Investigations (AWS/Azure/GCP audit logs and cloud-native security signals), Threat Hunting, and Detection Engineering.

Primary Responsibilities

  • Triage and respond to security alerts and incidents across on-prem and multi-cloud enterprise and product environments, leading in-depth investigations using SIEM, EDR, cloud audit logs, identity telemetry, and network data to determine scope, root cause, attacker TTPs, and business impact.
  • Lead incident communications (severity updates, stakeholder coordination, and executive-ready summaries as needed).
  • Execute incident response activities through containment and remediation coordination with partner teams (IT, Cloud/Platform, Engineering), including clear escalation when needed.
  • Produce high-quality incident documentation (timelines, evidence collected, hypotheses tested, IOCs, actions taken, lessons learned) and ensure follow-ups are tracked to completion.
  • Conduct hypothesis-driven threat hunts mapped to common adversary behaviors (e.g., MITRE ATT&CK).
  • Translate hunt findings into actionable improvements: new detections, tuning, playbooks, and telemetry/visibility recommendations.
  • Develop, tune, and maintain detection content (correlation rules, SIEM analytics, alert logic) to improve coverage and reduce false positives.
  • Validate detections with testing and retrospective analysis; continuously improve alert fidelity and response workflows.
  • Collaborate with stakeholders to define and maintain monitoring and detection use cases that drive risk reduction and operational effectiveness.
  • Perform basic endpoint and/or cloud forensics during escalated incidents and preserve evidence appropriately.
  • Support malware triage and artifact analysis as needed during investigations.
  • Investigate cloud-related threats and anomalies using cloud-native security signals and audit telemetry (AWS/Azure/GCP).
  • Partner with Cloud/Platform teams to close investigation gaps (logging, retention, telemetry coverage) and validate remediation actions.
  • Participate in an on-call rotation to provide 24x7 incident response coverage and serve as an escalation point for high-severity events.

Required Qualifications

  • Bachelor’s degree in computer science or related field (or equivalent experience/training). A master’s degree is a plus.
  • 4+ years of relevant security operations / incident response experience.
  • Strong understanding of the security incident management lifecycle and operational response practices.
  • Strong experience with SIEM/log management platforms (e.g., Microsoft Sentinel, Splunk, ELK, Snowflake-based analytics, or similar) and demonstrated ability to query and analyze telemetry.
  • Ability to analyze and interpret security-relevant data including security event logs, system logs, application logs, cloud audit logs, and device logs.
  • Hands-on investigation experience using cloud-native security services (e.g., AWS Security Hub, Microsoft Defender for Cloud, Google Security Command Center) and cloud audit logs.
  • Experience with one or more scripting languages (Python, PowerShell, shell) to support investigations, enrichment, and analysis.
  • Strong written and verbal communication skills, including clear ticket documentation, incident reporting, and stakeholder updates.
  • Excellent analytical and problem-solving skills with a bias toward action and operational rigor.

Preferred Qualifications (One or More Areas of Depth)

  • Forensics: Endpoint or cloud forensics, evidence handling, artifact interpretation, malware triage.
  • Threat Hunting: Demonstrated experience leading hypothesis-driven hunts and operationalizing results into detections, playbooks, and response improvements (e.g., ATT&CK mapping and coverage tracking).
  • Detection Engineering: Detection lifecycle ownership (build/test/deploy/tune/retire), alert quality improvement, playbook development.

Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we’re invested in building teams with a wide variety of backgrounds, identities, and experiences.

This position involves access to software/technology that is subject to U.S. export controls. Any job offer made will be contingent upon the applicant’s capacity to serve in compliance with U.S. export controls.