Lead Incident Response Security Engineer
Posted on Sep 1, 2021 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*
Prestigious Enterprise Company is currently seeking a Lead Incident Response Security Engineer. Candidate will coordinate response, triage and escalation of security incidents.
- Be responsible for understanding the threat landscape by working with other Cyber functions such as Threat Detection, Threat Intelligence, Digital Forensics, etc., and for building & executing the required action plan
- Act as a role model and provide tactical support to your peers and other security analyst teammates, who deliver Cybersecurity's scaled threat response, assessment and response efforts, including mentoring & training other team members
- Routinely participate in the review of new SIEM use cases, develop & update incident response playbooks to ensure response activities align with best practices
- Lead technical activities, oversee tactical delivery of improvements to Cybersecurity's Incident Response processes
- Support development of SOPs, Resiliency plans, and other necessary documentation to support Security Operations
- Augment Incident response team to ensure 24/7 coverage and operations.
- Responsibilities will sometimes require working evenings and weekends, sometimes with little or no advance notice
- Provide thought leadership and guidance on intelligence/analytics research to build capabilities to provide automated and proactive detection and response to threats
- Routinely brief and update senior leadership and other stakeholders on the active incidents and manage expectations
- Build and leverage effective relationships across Information Security with functions such as Threat Intel, Forensics and Threat Detection, as well as with external teams in various lines of business, ensuring clear lines of communication and a comprehensive approach to security
- 8+ years of Information Security experience
- Bachelor's degree in Information Security, Computer Science, Information Technology, related field or equivalent work experience
- 3-5+ years of hands-on Information Security SOC/Incident Response experience analysing IOCs/alerts as identified by SOC & Threat Intel teams
- Proven experience in handling security events in mission critical environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in solving day-to-day operational processes such as security monitoring, data correlation, security operations etc.
- Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
- Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection)
- Demonstrated experience with utilizing SIEM such as Splunk (preferred), ArcSight, QRadar, etc. in investigating security issues and/or complex operational issues on Windows and Unix
- Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
- GCIH IA and Splunk Certified Professional will be preferred