Job Description
Security Incident Response Engineer Night Shift
Job Purpose
The Security Incident Response Engineer is a member of the Jackson Information Security and Privacy (JISP) Security Incident Response Team (SIRT) and is responsible for conducting cybersecurity incident and forensic investigations. They will be responsible for collecting, preserving, analyzing, and presenting evidence in support of investigations. As an incident handler, the engineer is a first responder to security alerts, assessing them and quickly containing malicious activity. The Security Incident Response Engineer will support a 24x7x365 Security Operations Center and must be able to adjust to a flexible work schedule when necessary.
Essential Job Duties & Responsibilities
Identifies, investigates, and responds to threats.
Conducts host and network forensic investigations across a range of environments, including log analysis and malware triage in support of incident response investigations.
Takes the lead on overnight containment actions and begins root cause analysis.
Leverages forensic tools, techniques, and capabilities to support account takeover (ATO) investigations.
Researches security trends and recommends security tool optimizations; engages engineering staff and management for approval and assists in implementation.
Ensures SOC security tools are operating within tolerance levels.
Collects additional context using Threat Intelligence and Security Operations Center data in support of investigation and analysis.
Creates actionable after-incident reports for Security management and technical teams.
Reports and trends cyber incident activity and account takeover activity.
Provide training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff.
Maintains incident response operating procedures, playbooks, tooling, and technical documentation, completing updates as needed.
Works with other areas of the company, finding common ground to ensure a smooth Security Incident Response process.
Supports projects that drive continuous improvement of the Incident Response program.
Works outside of normal working hours as required due to critical incidents or emergency calls.
Other duties as assigned.
Knowledge, Skills & Abilities
Experience investigating with a wide variety of detection technologies such as SIEM, SOAR, packet capture analysis, host forensics, and memory analysis tools.
Experience with authentication, authorization, and auditing technologies and how they are implemented in different environments.
Security Incident Response methodologies and frameworks that include chain of custody for forensics investigations.
Understanding of threat landscape in terms of the tools, tactics, and techniques of attacks.
Understanding of networking and security fundamentals and administration of Windows, Linux, and Apple iOS.
Understanding of Security Incident Response techniques in cloud environments (SaaS, PaaS, IaaS).
Basic understanding of DevSecOps fundamentals.
Experience with at least 1 scripting language (Python, PowerShell, Bash).
Ability to correlate data from multiple sources to identify incidents and events of interest.
Ability to effectively communicate technical and non-technical issues both verbally and in writing.
Excellent analytical and problem-solving skills.
Effective interpersonal skills.
Ability to work with a SOC team and make decisions under pressure.
Solid written and verbal communication skills.
Education and Experience
Bachelor's degree and/or equivalent experience.
3+ years Information Security experience required.
Certifications, Licenses, Registrations (Preferred)
Certification in Incident Response such as GCIH.
Certification in Forensics such as GCFE or GCFA.
Job Level that this position reports to (i.e., Manager, Director, etc.):
Security Incident Response Program Manager
Complete Corporate Solutions