Incident Response Engineer
Dallas, TX

Job Description



Position Summary:

This is the primary incident responder who detects, prevents, interrupts, stops, documents and communicates risks, threats, events and metrics. This person is responsible for Security Monitoring, Incident Response and Threat Intelligence, and serves as the subject matter expert on the operational tools and processes typically found in Security Operations Centers or at Managed Security Providers.


Qualifications Required:

  • Must be a skilled, expert Security Monitoring and Incident Response Engineer.
  • Secondary skills with vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, and signature development are highly desired.
  • Significant experience with Linux and Windows operating systems, knowledge of virtual environments, malware analysis and APT methodologies.
  • Candidate should have broad technical knowledge of several security technologies and a solid understanding of information and network security.
  • Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
  • Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of professional Information Technology experience.
  • Information Security Certification(s) that could include CEH, CHFI, CFR, CCNA, GCIA, GCIH, GICSP, CCNP Security, GSEC, SSCP, CISSP, and/or similar.
  • Candidate requires 5+ years of experience delivering incident response and security monitoring in a Security Operations Center or for an MSSP/MSP.


Qualifications Desired:

  • Membership with FS-ISAC, FSARC, US-CERT, Infragard, and other relevant forums is desired
  • Prior experience at a financial organization, SIFMU, or FSARC member is desired
  • Knowledge of ISO 27001, NIST CSF 1.1, CIS, OWASP, FFIEC
  • Knowledge of PCI, PCI DSS, PCI TSP or similar certifications and requirements
  • Knowledge of systems hardening to Industry Standards (DoD, CIS, etc.)
  • Able to script automated tasks
  • Manage case ticketing and reporting as required
  • Understanding and experience with red-team, blue-team, purple-team and threat hunting processes


Essential Functions and Responsibilities:

Incident Response Skills

  • Successfully monitor, detect, identify, understand, document and communicate risks, threats, events, and incidents.
  • Investigate alerts, reports, logs and indicators across the entire threat spectrum, from malware and phishing to Advanced Persistent Threat groups.
  • Understand and implement kill chains and control processes to preemptively, rapidly and completely identify, prevent, interrupt, and stop events and incidents.
  • Improve and automate incident response monitoring, alerting, event detection, and incident documentation. Minimize false positives based on metrics.
  • Assess the impact of potentially malicious traffic on technology and of potential intrusions on the network and infrastructure.
  • Identify intrusion activity from alerts and reports correlated across sensors and systems, and determine priority for response.
  • Understand current vulnerabilities, attacks, and countermeasures.
  • Propose additional controls to detect and prevent malicious activity.
  • Work with the third-party MSSP and other company-wide engineers, analysts, managers and others on monitoring, incidents, detection and prevention.


Security Monitoring Skills

  • Expertly manage SOC tools, endpoint security, firewalls and related technology.
  • Expert at prioritization with multiple alerts across complex technology solutions.
  • Life-cycle management of security monitoring platforms including SIEM, vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, DLP, CASB, and/or Threat Intelligence tools and processes.
  • Expertise with technologies including Linux, Windows, servers, workstations, software, hardware, networking, middleware, and on-premises, cloud, and distributed environments.
  • Expertise with malware analysis, threat vectors, and APT Tactics, Techniques, Procedures, and Methodologies. Deep understanding of APT IOCs and activities.
  • Identify and remediate gaps within a cycle of continuous improvement.


Threat Intelligence and Analysis Skills:

  • Serve as the primary Threat Intelligence Engineer, ingesting, analyzing, organizing, communicating and using threat intelligence for the organization.
  • Understand, manage and share threat intelligence, including manual and automated inputs, OSINT, proprietary sources, STIX/TAXII feeds and other inputs.
  • Perform threat and vulnerability assessment and analysis.
  • Perform in-depth analysis in support of network monitoring and incident response operations.
  • Manage Threat Monitoring, Threat Intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis.

