Security Analyst

At Bolster, you will help protect global brands from phishing, impersonation, and online fraud campaigns targeting their customers and employees. In this role, you will investigate suspicious domains, websites, and malicious infrastructure, validate emerging threats, and support remediation and takedown efforts. You will work closely with cross-functional teams in a fast-paced environment focused on identifying and disrupting cyber threats. We are seeking a highly motivated and detail-oriented Security Analyst – Threat Hunting / Cybersecurity Analyst to join our growing security team. The ideal candidate has experience in cybersecurity investigations, threat hunting, phishing analysis, and online fraud detection, along with strong analytical and problem-solving skills. Location: We prefer candidates based in our Santa Clara office, but are open to fully remote candidates. \n

Responsibilities

Proactively conduct threat hunting activities across endpoints, networks, cloud environments, and security platforms. Monitor and analyze security alerts from SIEM, EDR, IDS/IPS, and other security tools. Investigate suspicious activities, indicators of compromise (IOCs), and potential security incidents. Perform incident triage, containment, remediation, and post-incident analysis. Develop and refine detection rules, use cases, and threat intelligence correlations. Analyze malware, phishing attempts, and attack patterns to identify emerging threats. Collaborate with IT, Engineering, and Infrastructure teams to strengthen security controls. Document investigations, findings, and remediation recommendations clearly and accurately. Support vulnerability management and security assessment initiatives. Stay current on cybersecurity trends, threat actors, tactics, techniques, and procedures (TTPs). Qualifications 2+ years of experience in cybersecurity, Trust & Safety, brand protection, threat intelligence, or related security operations roles. Well-versed in phishing, impersonation, credential harvesting, and online fraud activity, including investigative and reporting workflows. Understanding of internet infrastructure, including domains, DNS, hosting providers, redirects, and attacker infrastructure. Knowledge of cybersecurity and fraud detection principles, including common attacker tactics, techniques, and procedures (TTPs). Experience with OSINT tools and investigative methodologies is preferred. Strong analytical and investigative mindset with excellent problem-solving and hypothesis-driven investigation skills. Self-motivated and detail-oriented, with the ability to work independently and collaboratively in a fast-paced environment. Strong written and verbal communication skills, with the ability to clearly document findings and summarize technical information for internal stakeholders. Familiarity with threat intelligence platforms, phishing analysis, and abuse reporting processes is a plus. Security certifications such as Security+, GSEC, CySA+, or similar are a plus. Willingness and flexibility to assist with time-sensitive investigations and critical security incidents as needed. \n$70,000 - $100,000 a year For California-based candidates, the estimated on-target earnings (OTE) range for this role is dependent on experience, qualifications, and location within the state. The final compensation package will be determined based on these factors and may include a combination of base salary, variable incentives, and benefits in accordance with applicable laws. \nWhy Bolster? Bolster builds a next-generation AI-powered fraud prevention and brand protection platform designed to detect and eliminate phishing, impersonation, and online scams at internet scale. Our platform protects enterprises from external digital threats across websites, social media, mobile apps, messaging platforms, and the dark web—helping organizations safeguard their brands and customers from rapidly evolving cyberattacks. Bolster is trusted by leading global enterprises and Fortune 500 companies that rely on our technology to detect and automatically take down phishing and impersonation attacks in real time. Our team brings deep cybersecurity expertise with decades of combined experience across leading technology and security organizations. Bolster is backed by leading investors including M12 (Microsoft’s venture fund), Thomvest Ventures, and Crosslink Capital, helping accelerate innovation in AI-driven threat protection. Our AI and machine learning technology uses deep learning, computer vision, natural language processing, and large-scale threat intelligence to detect malicious infrastructure and automate takedowns with high accuracy and speed. We also extend our technology to the broader community through CheckPhish (https://checkphish.ai) — a free phishing and scam detection tool used by millions of security researchers, organizations, and consumers worldwide. The platform helps identify fraudulent websites and contributes valuable threat intelligence to strengthen Bolster’s detection models. Learn more about our culture and values: https://bolster.ai/ What we offer: -Excellent medical, dental, and vision insurance -Flexible time off + paid holidays. -Equity + 401(k) plan Apply To This Job