Security Incident Response Engineer
Posted on Apr 5, 2021 by Request Technology
*We are unable to sponsor as this is a permanent full time role*
A prestigious company is on the search for a Security Incident Response Engineer. This role is REMOTE. This person will handle threat incident response, threat management, threat protection, and attack and vulnerability handling. They will need some experience with Python for automation and scripting of the response infrastructure. They need experience with SIEM products such as Splunk, and any digital forensics experience is a plus.
- Conduct human driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Develop new and novel detection techniques to identify and stop advanced adversary tactics and techniques.
- Improve automated playbooks that detect, contain, and eradicate security threats.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Lead the Response Team in responding to active and time-sensitive cyber threats including communications and coordination across different teams.
- Work closely with other members of the Cyber Risk team to lead changes in the organization's defense posture.
- 10+ years of experience in Information Security or a related field
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA)
- Deep understanding of internals and constructs of Linux and Windows
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.)
- Proficiency in Bash
- Advanced knowledge of TCP/IP networking and network services such as DNS, SMTP, DHCP, etc.
- In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS
- Experience using multiple command and control channels, including DNS and HTTPS
- Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation, innovation, and taking risks
- Effective and consistent collaboration through available mediums that enable remote team communication
- Ability to work effectively in a diverse team and promote team diversity