SUMMARY

As an Incident Response Engineer, you will work directly with our security teams and partners across IT and the Application teams to contain and remediate security incidents, as well as designing solutions to improve the overall security architecture for the enterprise. Success in this role will be determined by your deep analytical expertise, including deep packet analysis, malware analysis, de-obfuscation skills, insights into endpoint analytics, and detailed log analysis. You will be called upon to flex your offensive security skills to drive rapid containment and remediation of security incidents, as well as your interpersonal skills to coordinate response with your teammates. Broad experience with security analytics including host logs, endpoint investigations, and network analysis are critical skills for this role.

PRIMARY RESPONSIBILITIES

• Collect and analyze key data and telemetry during a security incident.
• Coordinate containment and remediation activity with cross-functional teams
• Complete all required incident documentation and reporting within established time frames.
• Drive improvements from incident lessons learned.
• Develop playbook\SOP to improve Incident Response processes to align with industry guidelines and standards.
• Develop and implement security monitoring use cases driven by threat intelligence.
• Conduct periodic threat hunting exercises to actively discover suspicious activity across the enterprise.
• participate in periodic exercises to test the effectiveness of IR\SOC process and controls.

REQUIRED KNOWLEDGE/SKILLS/ABILITIES

• Bachelor's degree and 4 to 6 years of experience in Incident Response and SOC. Additional relevant experience and professional certifications will be considered in lieu of a degree.
• Understanding of host-based and network security logging.
• Experience in usage of enterprise security solutions.
• Understanding related to security encompassing end point technologies, applications, application hosting, physical and virtual data center hosting.
• Experience with security practices such as security incident response and risk management.
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
• Must be a critical thinker with strong problem-solving skills.
• Knowledge of information security management frameworks, such as ISO 27001, ITIL, COBIT or NIST.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• Proven ability in security process and organizational design; Current understanding of Industry trends and emerging threats; and knowledge of incident response methodologies and technologies.

PREFERRED KNOWLEDGE/SKILLS/ABILITIES

• Degree in applicable field
• Professional information security certification, such as GCIA, GCIH, or OSCP
• Knowledge of common security frameworks and regulations including FFIEC, NYDFS and NIST Cybersecurity Framework
• In-depth and hands-on experience with Security Analytics and Incident Response
• Knowledge in Scripting languages (e.g. BASH, Python, etc)