is actively seeking an experienced, passionate, and dedicated Senior Security Incident Response Engineer. This position joins the Security Operations team, which is spread across the US and the Philippines, reports to the Senior Security Incident Response Manager, and is offered as a US-based fully remote role. The team provides critical value to by identifying and responding to security incidents across ’s global network and cloud environments.

Specific responsibilities include:

- Provide US-based security incident handling that meets FedRAMP Moderate standards.
- Support the IR lifecycle in preparation activities, such as delivering playbooks and SOPs that drive consistent execution of the IR program.
- Respond to cyber security incidents as part of the 24/7 Security IR Team. Our incident handlers are responsible for maintaining incident situational awareness. This position proactively collaborates across internal teams to coordinate incident management, escalate to leadership, and facilitate remediation actions. You will use your industry experience to own and drive the resolution of complex security incidents through the typical lifecycle of triage, containment, eradication, recovery, post-incident activity, and lessons learned.
- Monitor security event alerts and respond accordingly during your shift. Assess, prioritize, escalate when necessary, and manage security alerts according to the IR Playbook. Act as the escalation point for the Service Desk on escalated security incidents.
- Threat hunt and investigate indicators of compromise (IoCs) and threat actor tactics, techniques, and procedures (TTPs) across the ecosystem. Conduct network, log, file, and system analysis to extract IoCs and attacker behavior artifacts. Using security tools and visibility, you will investigate thoroughly by pivoting across available information to record observed security events.
- Use threat hunting methodology and threat intelligence feeds and tools to determine and implement contextual, high-yielding detections for the ecosystem. Build detections for use across the team of responders. You will monitor and respond to the detections that you build. You will differentiate strict and loose components of an attacker behavior to ensure robust detection logic is authored, and use other techniques that address detection efficacy. Design and lead detection sprints to significantly expand detection capabilities through a structured research process. Produce analysis and output for long-term tracking of detection coverage. Conduct quality assurance and control on draft and deployed detection logic.
- Perform security response actions across the tools used by this team: IPS, SIEM, AV.
- Work closely with ’s MSSP to increase the effectiveness of SIEM analysis and respond to MSSP threat detection escalations.
- Inform the larger audience about trends and observations from the Security Incident Response program. Perform trend analysis and industry-standard measurement and metric reporting to inform Security Leadership and others of security incident trends, observations, and threat landscape evolution.
- Recognize, adopt, advocate for, utilize, and teach best practices in security incident response and detection management. Act as a mentor to less experienced team members. Provide guidance to SMEs who are called upon to assist in incidents.

Qualifications

- US citizenship and a physical working location within the US are required.
- Experience handling security incident response in a FedRAMP environment is preferred.
- Bachelor’s degree in Engineering or Computer Science, or equivalent work experience in the InfoSec incident response field.
- Certifications such as GCIH, GCFA, Security+.
- Five years of professional experience working in a Security Incident Response (IR) capacity, including areas of focus such as SOC Analyst, Threat Intel Analyst, Compromise Specialist, or Forensic Analyst.
- Three years of direct experience orchestrating, monitoring, and creating custom threat detections.
- Proficient in responding to and developing threat analytics and correlations to detect threat tactics and behavior anomalies for malicious activities across key infrastructure components such as Active Directory, email, user computing, and other business applications.
- Experience with critical IR functions: malware detection and remediation, attacker tactics and methods, command and control communications, ransomware, data exfiltration, threat hunting, passive detection, the cybersecurity kill chain, cyber threat intelligence, and recording and reporting observations and findings.
- Experience with critical IR tools used in detecting and resolving incidents, such as enterprise endpoint protection, network IPS, reverse engineering sandboxes, forensic capture and analysis, log data mining, AV remediation, and network packet capture, plus hands-on work building response workflow and orchestration such as SOAR.
- Hands-on development of tool signatures and actions in response to adversary tactics or zero-day exploits, to detect attack vectors, bots, C2, DNS exfiltration, and malware.
- Strong SIEM experience in Splunk, building and tuning correlation searches, data models, and other components of Enterprise Security. Expertise in alerting, orchestrating, and tuning Splunk Enterprise Security, including correlation searches, data model maintenance, and content verification, as well as strong skills in complex Splunk searching, reporting, regular expressions, and security essentials.
- Deep technical knowledge: understanding of and hands-on administration in securing Windows and Linux operating systems; demonstrated knowledge of TCP/IP networking and major protocols such as HTTP, SSL/TLS, DNS, and SMTP; experience securing the stack in scope of corporate applications such as ERPs, web applications, and databases.
- Hands-on experience handling various incident types such as APT, malware infections, ransomware, phishing, imminent threat (vulnerabilities), data at risk, and unauthorized access, and performing root cause analysis.
- Familiarity with cloud-related security response capabilities, including Azure as well as core AWS IaaS components such as S3, VPC, IAM, Security Groups, flow logs, portals, etc.
- Amazing customer service skills and a can-do attitude.

You’ll play a role in securing and our customers.
