Incident Response Engineer
Location – San Jose,CA
Roles & Responsibilities
Must demonstrate expert knowledge in Incident Response and one or more of the following areas:
Threat Hunting, Digital Forensics, Monitoring and Detection, Cyber Intelligence Analysis, Data Loss Prevention
Core Job Functions Include:
Investigations -Investigating computer and information security incidents to determine extent of compromise to information and automated information systems, must be familiar with notable event triage, Host Forensics, Network Analysis.
Escalations- Responding to escalated notable events from security tooling to develop/execute security controls, Defense/countermeasures to prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
Research - Researching attempted or successful efforts to compromise systems security and designs countermeasures.Stay educated on latest trends, techniques, tactics and procedures.
Communications -Provides information and updates to shift leads, creates pass-downs for the next shift, works closely with supporting teams, provides feedback for new security policy and standards, and engages with other teams.
Digital Forensics- As it relates to information systems, performs HR investigations and legal holds in a forensically sound manner. Consults with HR and legal subject matter experts to adhere to local country laws.
Coverage -Must be willing and able to perform shift work, weekends, and holidays as well as participate in a rotating shift consisting of four (4) 10 hour shifts with four days on, three (3) days off and rotations across Day, Swing, and Graveyard shifts as needed.To be successful in this position, you should be proficient with:Incident Response – Getting people to do the right thing in the middle of an investigation.
Offensive Techniques - Penetration testing, IOCs, and exploits at all layers of the stack. Need to be very familiar with real world scenarios and current attacker behavior.Logs - you should be very comfortable with a SEIM to be able to gather and analyze logs to recreate incidents and hunt for threats. Should have experience developing and tuning detection logic.
System Forensics -Understanding of image acquisition techniques, memory forensics, host forensics.
Networking Fundamentals -TCP/IP Protocols and associated analysis tools eg. Wireshark/TCPDump.
Scripting -Should be familiar in scripting in at least one of the following: BASH, Python, Perl or a similar language.
Risk Analysis -Taking an event in a particular environment and understanding the practical associated risk is a critical part of our jobs.
Automation -Creating and/or modifying scripts to automate repetitive and mundane tasks, freeing up time to focus on advanced investigations and other projects.
Enterprise Security-Should be familiar with enterprise security issues, working at scale.
Minimum five (5) years of professional experience in incident detection and response, malware analysis, digital forensics.