Sr. Incident Response Security Engineer
Part of the Arrow Electronics Global Enterprise Services Team, the Sr. Incident Response Engineer will generally assist with service delivery by identifying, minimizing, and monitoring attack surfaces through vulnerability management, patch management and security monitoring services. Ideal candidates can identify key data points on systems that may be indicators of an attack. The analyst will be the primary resource for data preservation management, data collection and data extraction. The analyst must have a high attention to detail, be very flexible, and have the ability and desire to learn new technical tools and procedures. The analyst will also serve in a key role in the Incident Response forensics and examination programs.
- Incident response lead on investigations, applied in the context of a broader understanding of CSIRT and related systems and processes.
- Incident responder who conducts forensics examination of digital media, memory, malware, packet capture and logs AND can develop the tools necessary to perform cutting edge analysis.
- This person should have the skills to conduct the analysis when needed but will primarily be focused on solving new problems and implementing research techniques.
- Encouraging improvement and innovation within Incident response and nurturing and developing less-experienced staff through coaching and written and verbal feedback.
- Define solutions to exceptions that occur during the performance of forensic examinations.
- Utilize IT skills and experience to define potential solutions to forensic problems.
- Prepare and review reports that promote constant security enhancements.
- Apply and execute standard information systems theories, concepts and techniques and assist in the development of standards and procedures.
- Transitioning, maintaining, or using security technologies such as Security Information and Event Management (SIEM), endpoint protection, Data Loss Prevention, and forensic tools.
- Troubleshoot SIEM data collection, notification tuning and alerting.
- Work with Security Operations L1-L3 on detection and response playbooks.
- BA/BS degree preferred
- Minimum 4 years of Information Security experience
- Minimum 3 years of Incident Response experience
- Forensic examination experience, including top tools (SIFT, Volatility, Magnet AXIOM, Autopsy, F-Response, and others)
- Solid background in network and systems administration as they relate to security best-practices
- Familiarity with troubleshooting network communication and system configuration issues
- Comprehension of top security threats (OWASP Top 10, SANS 25, NVD, etc.) and their remediation techniques
- Familiarity with tools such as Nmap, Wireshark, PsExec, Nessus or similar solutions
- Operational experience with the following preferred: Firewalls, Vulnerability scanners, Intrusion Detection/Prevention systems, End Point Protection Systems, SIEM Log Management Systems
- Working knowledge of the Electronic Discovery Reference Model (EDRM)
- Ability to meet deadlines and Service Level Agreements (SLAs) while performing activities in a time-critical, highly confidential process
- High level of discretion in dealing with sensitive and confidential information
- Strong analytical and verbal skills
Nice to have
- Working knowledge of software development and/or scripting languages such as Python, Ruby, C# and/or PowerShell
- Experience with Cybersecurity SOAR platforms specifically with Phantom (Splunk)
- Experience working with advanced eDiscovery tools such as the Security & Compliance Center for Office 365, the Exchange 2013 eDiscovery component, and the SharePoint 2013 eDiscovery component
- Working knowledge of regular expressions (regex)
- Comfortable working with command-line interfaces and with cloud environments such as AWS and Azure
- Working knowledge of Boolean expressions
- Working knowledge of the Microsoft Keyword Query Language (KQL) structure
Non-Customer Facing/Supplier Facing