Incident Response Engineer
This is the primary incident responder who detects, prevents, interrupts, stops, documents and communicates risks, threats, events and metrics. This person is responsible for Security Monitoring, Incident Response and Threat Intelligence, and serves as the subject matter expert on the operational tools and processes typically found in Security Operations Centers or at Managed Security Service Providers.
- Must be a skilled and expert Security Monitoring and Incident Response Engineer.
- Secondary skills with vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, and signature development are highly desired.
- Additionally, significant experience with Linux and Windows operating systems, and knowledge of virtual environments, malware analysis and APT methodologies, are expected.
- Candidate should have broad technical knowledge on several security technologies and a solid understanding of information and networking security.
- Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
- Bachelor's degree in engineering, computer science, or a related field with minimum of 8 years of professional Information Technology experience.
- Information Security Certification(s) that could include CEH, CHFI, CFR, CCNA, GCIA, GCIH, GICSP, CCNP Security, GSEC, SSCP, CISSP, and/or similar.
- Candidate requires 5+ years of experience delivering incident response and security monitoring in a Security Operations Center or for an MSSP/MSP.
- Membership with FS-ISAC, FSARC, US-CERT, InfraGard, and similar is desired.
- Prior experience at a financial organization, SIFMU, or FSARC member is desired.
- Knowledge of ISO 27001, NIST CSF 1.1, CIS, OWASP, FFIEC
- Knowledge of PCI, PCI DSS, PCI TSP or similar certifications and requirements
- Knowledge of systems hardening to Industry Standards (DoD, CIS, etc.)
- Able to script automated tasks.
- Manage case ticketing and reporting as required.
- Understanding and experience with red-team, blue-team, purple-team and threat hunting processes
Essential Functions and Responsibilities:
Incident Response Skills
- Successfully monitor, detect, identify, understand, document and communicate risks, threats, events, and incidents.
- Investigate alerts, reports, logs and indicators across the entire threat spectrum from malware and phishing, to Advanced Persistent Threat groups.
- Understand and implement kill chains and control processes to preemptively, rapidly and completely identify, prevent, interrupt, and stop events and incidents.
- Improve and automate incident response monitoring, alerting, event detection, and incident documentation. Minimize false positives based on metrics.
- Assess the impact of potentially malicious traffic on technology and of potential intrusions on the network and infrastructure.
- Identify intrusion activity from alerts and reports correlated across sensors and systems and determine priority for response.
- Understand current vulnerabilities, attacks, and countermeasures.
- Propose additional controls to detect and prevent malicious activity.
- Work with the third-party MSSP and other company-wide engineers, analysts, managers and others on monitoring, incidents, detection and prevention.
Security Monitoring Skills
- Expertly manage SOC tools, endpoint security, firewalls and related technology.
- Expert at prioritization with multiple alerts across complex technology solutions.
- Life-cycle management of security monitoring platforms including SIEM, vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, DLP, CASB, and/or Threat Intelligence tools and processes.
- Expertise with technologies including Linux, Windows, servers, workstations, software, hardware, networking, middleware, and on-premises, cloud, and distributed environments.
- Expertise with malware analysis, threat vectors, and APT Tactics, Techniques, Procedures, and Methodologies. Deep understanding of APT IOCs and activities.
- Identify and remediate gaps within a cycle of continuous improvement.
Threat Intelligence and Analysis Skills:
- Primary Threat Intelligence Engineer responsible for taking in, analyzing, organizing, communicating and using threat intelligence for the organization.
- Understand, manage and share threat intelligence, including manual and automated inputs, OSINT, proprietary feeds, STIX/TAXII, and other sources.
- Perform threat and vulnerability assessment and analysis.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Manage Threat Monitoring, Threat Intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis.