CSIRT Engineer (HYBRID)

About The Position

Requirements

• 4+ years of Incident Response experience.
• Knowledge of digital forensics and incident response best practices.
• Experience with responding to cloud-based incidents.
• Demonstrated experience performing root cause analysis of security events and incidents.
• Knowledgeable with security frameworks (e.g., MITRE ATT&CK framework).
• Ability to understand security control mechanisms for Windows, Linux, and Mac operating systems.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of common threat actor TTPs.
• Proficient in scripting languages such as Bash, Python, Perl, and PowerShell.
• Ability to apply strong critical thinking, logic, decision making, troubleshooting, and problem-solving skills.
• Strong written and oral communication skills.
• Ability to work independently and as a team member.
• Ability to handle advanced-level triage and troubleshooting.
• Ability to produce technical documentation, such as Visio flows and processes.
• Ability to understand complex problems while presenting them simplistically in a formal setting.
• Ability to learn and apply large amounts of technical and procedural information, and to follow published standards and processes.
• Ability to follow complex instructions, resolve conflicts or facilitate conflict resolution, and have strong organization/priority setting skills.
• Ability to analyze Windows systems for changes that occur during a specific timeframe.
• Ability to analyze network packet captures.
• Knowledge of cloud computing technologies and concepts (SaaS, PaaS, IaaS, etc.).
• Knowledge in cyber defense systems and mechanisms (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).

Nice To Haves

• GIAC Cloud Security Essentials Certification (GCLD)
• GIAC Cloud Forensics Responder (GCFR)
• GIAC Certified Web Application Defender (GWEB)
• GIAC Cloud Security Automation (GCSA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Defending Advanced Threats (GDAT)
• GIAC Cyber Threat Intelligence (GCTI)
• Certified Information Systems Security Professional (CISSP)
• Other equivalent industry-related certification

Responsibilities

• Identify, detect, respond, and mitigate sophisticated threats to GEICO.
• Perform incident response functions, including responding to cloud-based incidents in AWS, Azure, and GCP.
• Conduct host-based analysis of Windows, Linux, and Mac operating systems.
• Examine data collected from various tools and sources (e.g., IDS alerts, firewall logs, web logs, network traffic logs) to identify IOCs and/or malicious TTPs.
• Review and comprehend log data, applying use case scenarios to further develop threat detection and incident response capabilities.
• Analyze events occurring within their environments to mitigate threats.

Benefits

• Competitive pay
• Benefits
• Flexibility to support your well-being and future
• Personalized development programs
• Mentorship
• Certification assistance