Security Incident Response Engineer
Posted on Mar 14, 2020 by Request Technology
*Permanent full time role*
This is a Remote Position.
A prestigious company is on the search for a Security Incident Response Engineer. This role is a hands on position that will have shared responsibilities across the team in conducting cyber threat intelligence, leading incident response efforts, performing digital forensics, executing threat hunts, and implementing threat protection across the enterprise. This person will design and run the infrastructure and automation to detect, contain, and eradicate security threats. This engineer needs to have experience Scripting using Python for automation.
- Design, build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Computer Incident Response Team (CIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- BS/MS in Computer Science or equivalent work experience.
- 7+ years of experience in information security.
- Possession of a holistic view of the threat, vulnerability, and risk as well as their relationship.
- Deep understanding of internals and constructs of at least two main modern operation systems.
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).
- Applied experience with application and business logic Embedded in business systems.
- Knowledge of open security testing standards and projects, including OWASP.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Advanced knowledge of TCP/IP Networking, and network services such as DNS, SMTP, DHCP, etc.
- In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS.
- Experience employing phishing and other social engineering tactics.
- Experience using multiple command and control channels, including DNS and HTTPS.