Security Incident Response Engineer
Posted on Apr 22, 2020 by Request Technology
*This is a permanent full time role*
A prestigious company is on the search for a Security Incident Response Engineer. This role is REMOTE. This role is a hands on position that will have shared responsibilities across the team in conducting cyber threat intelligence, leading incident response efforts, performing digital forensics, executing threat hunts, and implementing threat protection across the enterprise. The Security Incident Response Logging and Event Engineer is responsible for building, maintaining, and improving the engine that powers large-scale security threat management capabilities that protect, detect, and respond to emerging threats and sophisticated attacks on enterprise networks. This person must have experience with Splunk and not just being a user but have experience adjusting logs and formatting logs. Also needed is the ability to customize the Splunk infrastructure.
- Work with application development teams and third-party vendors to develop data for enterprise applications in order to create appropriate logs and events
- Create logging configuration standards for all IT infrastructure and instructs IT on how to configure systems to log appropriately
- Create event dashboards and metrics and establishes threshold standards
- Perform centralized data onboarding and log ingestion into the Splunk platform to improve the visibility of security threat management at Company
- Administer Splunk Enterprise Security solution in a highly available, redundant, distributed multi-site clustered environment
- Create and optimize correlation searches for the Security Operations Center (SOC) analysts
- Assist in the operations, performance, and troubleshooting of Splunk, Search Heads, Indexers, Heavy Forwarders, Deployment Server, Splunk Apps/TAs and Data Models
- Provide recommendations and implement changes to optimize the Splunk platform
- Reproduce issues, file bug reports, and escalate cases to Splunk support as necessary
- Performs log audits and actively works to improve log management compliance
- Ensures data retention of logs and alerts meets corporate standards
- Maintain Splunk systems internal documentation, including SOP's and design documents
- Create technical documentation related to system configurations, process, procedure, and knowledgebase articles.
- Support defensive tools and solutions that identify and stop advanced adversary tactics and techniques.
- Participate in Computer Incident Response Team (CIRT) responses to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Cyber Risk Management team to lead changes in the company's defense posture.
- 5+ years of experience in information security
- 2+ years of hands-on experience with Splunk Enterprise Security
- Certified Splunk Administrator/Enterprise Security
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
- Experience administrating and operating Splunk in an enterprise environment
- Knowledge and experience working with the Splunk API
- Understands the security incident response discipline, including threat hunting, forensics, intrusion detection, and threat intelligence
- Experience with at least one interpreted programming language (Python, Ruby, etc.)
- Proficiency in PowerShell and/or Bash
- Understanding of TCP/IP Networking, and network services such as DNS, SMTP, DHCP, etc.
- Experience in common phishing and other social engineering tactics
- Familiarity with malware, command and control channels, and attacker tactics, techniques, and procedures
- Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation and innovation
- Effective and consistent collaboration through available mediums that enable remote team communication
- Ability to work effectively in a diverse team and promote team diversity