Sr. Incident Response Security Engineer
Job Description:
What You'll Be Doing
- Lead incident response on investigations, applying a broader understanding of CSIRT and related systems and processes.
- Conduct forensic examination of digital media, memory, malware, network logs, packet captures and other logs, and develop the tools necessary to perform cutting-edge analysis, especially around networks and cloud infrastructure.
- Utilize IT skills and experience to define potential solutions to forensics, especially related to network visibility and cloud infrastructures.
- Develop and lead RED TEAM practice, including engagements and penetration tests; with the objective to identify and safely exploit vulnerabilities.
- Encouraging improvement and innovation within Incident response and nurturing and developing less-experienced staff through coaching and written and verbal feedback.
- Prepare and review reports that promote constant security enhancements.
- Apply and execute standard information systems theories, concepts and techniques and assist in the development of standards and procedures.
- Perform threat hunting to find advanced cyber adversaries by utilizing threat intelligence and attacker TTPs/IOCs.
- Contribute to threat intelligence tracking, modeling, and systems.
- Transition, maintain, or use security technologies such as Security Incident and Event Management (SIEM), endpoint protection, EDR, NDR, Data Loss Prevention, and forensic tools.
- Work with Security Operations L1-L3 on detection and response playbooks.
- This person should have the skills to conduct the analysis when needed but will primarily be focused on solving new problems and implementing research techniques.
What We Are Looking For
- BA/BS degree preferred
- Minimum 4 years of Information Security experience
- Minimum 3 years of Incident Response experience
- Red team or penetration testing experience preferred
- Forensic examination experience, including top tools (SIFT, Volatility, Magnet AXIOM, Autopsy, F-Response, and others)
- Solid background in network and systems administration as they relate to security best-practices, including cloud infrastructure
- Familiarity with troubleshooting network communication and system configuration issues
- Comprehension of top security threats (OWASP Top 10, SANS 25, NVD, etc.) and their remediation techniques
- Familiarity with tools such as nmap, wireshark, psexec, nessus or similar solutions
- Operational experience with the following preferred: Firewalls, Vulnerability scanners, Intrusion Detection/Prevention systems, End Point Protection Systems, SIEM Log Management Systems
- Working knowledge of the Electronic Discovery Reference Model (EDRM)
- Ability to meet deadlines and Service Level Agreements (SLAs) while performing activities in a time-critical, highly confidential process
- High level of discretion in dealing with sensitive and confidential information
- Strong analytical and verbal skills
Even Better If You Have
- Working knowledge of software development and/or scripting languages such as Python, Ruby, C# and/or PowerShell
- Experience with Cybersecurity SOAR platforms specifically with Demisto
- Experience working with advanced eDiscovery tools such as the Security & Compliance Center for Office 365
- Working knowledge of regular expressions (regex)
- Comfortable working with command-line interfaces and with cloud environments such as AWS and Azure
- Working knowledge of Boolean expressions
- Working knowledge of the Microsoft Keyword Query Language Structure
What’s In It For You
At Arrow, we recognize that financial rewards and great benefits are important aspects of an ideal job. That’s why we offer competitive financial compensation, including various compensation plans, and a solid benefits package.
- Medical, Dental, Vision Insurance
- 401k, With Matching Contributions
- Generous Paid Time Off
- Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options
- Growth Opportunities
- Short-Term/Long-Term Disability Insurance
- Deeply discounted RTD Passes, with convenient office location off RTD Light Rail (Dry Creek Exit)
- On-site Café with Catering Option for Busy Lifestyles (availability subject to COVID-19 office guidelines)
- 24/7/365 On-site Gym and Lockers, Free for Use to All Employees! (availability subject to COVID-19 office guidelines)
- And more!
Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)