CSIRT Engineer (HYBRID)

About The Position

Requirements

• 4+ years of Incident Response experience
• Knowledge of digital forensics and incident response best practices
• Experience with responding to cloud-based incidents
• Demonstrated experience performing root cause analysis of security events and incidents
• Knowledgeable with security frameworks (E.g. – MITRE ATT&CK framework)
• Ability to understand security control mechanisms for Windows, Linux, and Mac operating systems
• Knowledge of computer networking concepts and protocols, and network security methodologies
• Knowledge of common threat actor TTPs
• Proficient in scripting languages such as Bash, Python, Perl, and PowerShell
• Ability to apply strong critical thinking, logic, decision making, troubleshooting, and problem-solving skills
• Strong written and oral communication skills
• Ability to work independently and as a team member
• Ability to handle advanced-level triage and troubleshooting
• Ability to produce technical documentation, such as Visio flows and processes
• Ability to understand complex problems while presenting them simplistically in a formal setting
• Ability to learn and apply large amounts of technical and procedural information, and to follow published standards and processes.
• Ability to follow complex instructions, resolve conflicts or facilitate conflict resolution, and have strong organization/priority setting skills.
• Ability to analyze Windows systems for changes that occur during a specific timeframe.
• Ability to analyze network packet captures
• Knowledge of cloud computing technologies and concepts (SaaS, PaaS, IaaS, etc.)
• Knowledge in cyber defense systems and mechanisms. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)

Nice To Haves

• GIAC Cloud Security Essentials Certification (GCLD)
• GIAC Cloud Forensics Responder (GCFR)
• GIAC Certified Web Application Defender (GWEB)
• GIAC Cloud Security Automation (GCSA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Defending Advanced Threats (GDAT)
• GIAC Cyber Threat Intelligence (GCTI)
• Certified Information Systems Security Professional (CISSP)
• Other equivalent industry-related certification

Responsibilities

• Identify, detect, respond, and mitigate sophisticated threats to GEICO
• Perform incident response functions including:
• Responding to cloud-based incidents in AWS, Azure, and GCP
• Host-based analysis of Windows, Linux and Mac operating systems
• Examine data collected from a variety of tools and sources (e.g., IDS alerts, firewall logs, web logs, network traffic logs) to identify IOCs and/or malicious TTPs
• Review/Comprehend log data and apply use case scenarios in effort to further develop threat detection and incident response capabilities
• Analyze events that occur within their environments for the purposes of mitigating threats

Benefits

• Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being.
• Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
• Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
• Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.