Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Principal Threat and Incident Response Engineer
Company Ingram Micro
Location 100% Remote (USA and India only)
Preferred GIAC Certifications GPEN, GXPN, GREM, GNFA, GCFA
Travel 10%
Salary Not provided
URL https://jobs.jobvite.com/ingrammicro/job/odWodfwu
Contact Name Charlie Cam
Contact Email SIRT-recruiting/at/ingrammicro.com
Expires 2021-02-02

Job Description

We're looking for a candidate that is passionate about threat hunting and incident response and has a strong background in automation. Join a rapidly growing team of knowledgeable and friendly experts and also a company that is financially stable during these challenging times. This position may be 100% remote for US and India based candidates.

Apply for US position: https://jobs.jobvite.com/ingrammicro/job/odWodfwu
Apply for India position: https://jobs.jobvite.com/ingrammicro/job/ow3Acfw5

Your Role:

The Principal Threat and Incident Response Engineer is responsible for all aspects of security threat management. This hands-on technical role shares responsibilities across the team in conducting cyber threat intelligence, executing threat hunts, participating and leading incident response efforts, performing digital forensics, and implementing threat protection across the enterprise. Position will be responsible for building, maintaining, and improving tools and techniques that power large-scale security threat management capabilities that protect, detect, and respond to emerging threats and sophisticated attacks on enterprise networks. The person in this role reviews and analyzes large and highly complex datasets and information to provide content, conclusions, and actionable recommendations to mitigate risk and stop attackers.

The Principal Threat and Incident Response Engineer should have an applied and in-depth understanding of malware, attacker tactics, techniques, and procedures and experience defending organizations from these threats. In addition to having a breadth of technical experience, the Principal Threat and Incident Response Engineer should have leadership and customer communication experience.


Key Responsibilities:

- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
- Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine source of compromises and malicious activity that occurred.
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- Maintaining proper chain of custody of evidence and associated documentation
- Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.


What you bring to the role:

- Bachelor’s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
- Work Experience: 7+ years’ experience in technical IT or Information/Cyber Security; 5+ directly related to role.
- 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
- 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
- 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud services.
- Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
- Deep understanding of internals and constructs of modern operating systems.
- Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).


*Position could require occasional travel, including international travel.
*Please be prepared to provide three current work references and pass a criminal background check and drug test.

This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.