Sr. Incident Response Engineer

Baylor Scott & White Health, Temple, TX
387d | $116,521 - $209,560 | Remote

About The Position

The Sr. Incident Response Engineer at Baylor Scott & White Health will lead the cyber security incident response team, focusing on enhancing incident response capabilities and developing procedures to mitigate risks. This role involves conducting security investigations, coordinating incident response efforts, and collaborating with various teams to improve security measures across the organization.

Requirements

  • BS degree in computer science, computer engineering, software engineering, cybersecurity or related technical degree; or 5 years equivalent technology experience.
  • 5+ years' experience in information security in an enterprise environment.
  • 3+ years' experience and understanding of incident response processes in both datacenter and cloud-based environments.
  • Knowledge of malware trends and behaviors and the ability to work with other teams to detect and respond to these threats.
  • Experience with Intrusion Detection and Prevention Systems (IDS/IPS), Firewall and Network Log analysis, Security Information and Event Management (SIEM) tools, threat intelligence services, and malware analysis.
  • Experience analyzing network and host-based security events.
  • Experience with attacker tactics, techniques, and procedures.
  • Experience with Windows and Linux Operating Systems.
  • Knowledge of common software, operating systems vulnerabilities, and Unix/Linux.
  • Understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk.
  • Experience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK.
  • Experience creating workflows and remediation plans for vulnerabilities identified.
  • Incident Response experience in a healthcare environment.
  • Experience using ServiceNow for SIR, CMDB, and/or ITSM functions.

Nice To Haves

  • Certified Information Systems Security Professional (CISSP) certification
  • Certified Information Security Manager (CISM) certification
  • GIAC Certified Incident Handler (GCIH) certification
  • FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • FOR500: Windows Forensic Analysis

Responsibilities

  • Conduct security investigations and lead security incident response in a cross-functional environment.
  • Actively call and lead security incident bridges and coordinate internal incident response efforts between operations team and managed security services.
  • Develop Incident Response initiatives that improve capabilities to effectively respond and remediate security incidents.
  • Expand SIEM program, ensuring log coverage, alert development, and process improvement.
  • Partner with cyber threat intelligence, vulnerability management team, and technology remediation groups to improve detection and response efficacy.
  • Support broader security operation initiatives within the cyber defense team and across engineering and operation departments.
  • Create and improve security playbooks for various incident and compromise types for all levels of engineers and stakeholders.

Benefits

  • Immediate eligibility for health and welfare benefits
  • 401(k) savings plan with dollar-for-dollar match up to 5%
  • Tuition Reimbursement
  • PTO accrual beginning Day 1

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Industry: Hospitals
  • Education Level: Bachelor's degree