Senior Security Engineer, Incident Response - Virtual

POSITION SUMMARY

The Sr. Security Engineer is responsible for testing physical, logical, and electronic protection of data, including cloud, corporate, web application, access control, intrusion detection/prevention, virus protection, and more, as well as Digital Forensics, Software Development, Vulnerability Research, Reverse Engineering, Software/Hardware Engineering, and Operational Consultancy (e.g., Red Teaming/Hunt, Mission Evaluation) and performing incident response and working in the global security operations center. The Sr. Security Engineer will also assist with identifying current and emerging cyber events, along with developing countermeasures with known and/or discovered indicators.

RESPONSIBILITIES

• Resolve incidents and problem tickets issued against supported devices within published SLAs
• Identify opportunities for process improvement and automation of repetitive tasks leveraging a SOAR platform
• Operate security operations technology (SIEM/EDR) and provide ongoing system support and advice to other users of this technology
• Devise and implement approaches to monitor applications and data flows via effective information dashboards for operational metrics, end-to-end system data processing, incident management, change control, and compliance
• Use monitoring data in combination with other sources to analyze the risk of a successful attack
• Proactively recommend new tools, techniques, and procedures to enhance SOC performance and quickly learn new tools as they are introduced
• Actively search all areas of the internal network for hidden threats and vulnerabilities
• Assist in the development and documentation of policies and processes
• Support audits and compliance efforts
• Participate in red/blue/purple team exercises as needed to analyze threat scenarios and assess internal defenses. Document results
• Engage positively across multiple teams to establish clarity, vision, and mutual trust in order to achieve business goals
• Adheres to industry-specific local, state, and federal regulations, as applicable
• Other duties as assigned

QUALIFICATIONS

• 3 + years of IT engineering experience
• Knowledge of operating systems internals and endpoint security experience
• General knowledge of APT campaigns, Tools, Techniques, & Procedures (TTP), malware attack vectors, memory injection techniques and malware persistence mechanisms
• U.S. Citizen
• Ability to obtain and maintain a Top Secret clearance

DESIRED QUALIFICATIONS

• Certified Information Systems Security Professional (CISSP) certification
• 5+ years of cybersecurity incident response participation
• Active security clearance a plus