Incident Response Threat Engineer/Splunk
Posted on May 22, 2020 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent Full time role*
*This role can be a remote role for the right candidate*
*Position is bonus eligible*
Prestigious Enterprise Company is currently seeking an Incident Response Threat Engineer with strong Splunk experience. The candidate is responsible for all aspects of security threat management. This hands-on technical role shares responsibilities across the team in conducting cyber threat intelligence, executing threat hunts, participating in and leading incident response efforts, performing digital forensics, and implementing threat protection across the enterprise. The candidate will be responsible for building, maintaining, and improving the engine that powers large-scale security threat management capabilities that protect against, detect, and respond to emerging threats and sophisticated attacks on enterprise networks. The person in this role reviews and analyzes large and highly complex data sets to provide content, conclusions, and actionable recommendations to mitigate risk and stop attackers cold.
The candidate should have an applied and in-depth understanding of malware and of attacker tactics, techniques, and procedures, along with experience defending organizations from these threats. In addition to a breadth of technical experience, the candidate should have leadership and customer communication experience.
- Design, build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks, and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Computer Incident Response Team (CIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- BS/MS in Computer Science or equivalent work experience.
- 7+ years of experience in information security.
- A holistic view of threats, vulnerabilities, and risk, and of how they relate to one another.
- Deep understanding of the internals and constructs of at least two mainstream modern operating systems.
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).
- Applied experience with application and business logic embedded in business systems.
- Knowledge of open security testing standards and projects, including OWASP.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Advanced knowledge of TCP/IP Networking, and network services such as DNS, SMTP, DHCP, etc.
- In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS.
- Experience employing phishing and other social engineering tactics.
- Experience using multiple command and control channels, including DNS and HTTPS.