We are seeking an experienced Senior Security Engineer to join our Digital Forensics and Incident Response (DFIR) team within the broader Security Incident Response Team (SIRT), to help our organization respond to cyber-attacks.
The ideal candidate will have a deep understanding of the security incident response and incident management process, attacker kill chains / methodologies, be able to respond quickly to attacks, restore services, and forensically investigate the root cause.
As a member of our SIRT, you will closely collaborate with other engineers to design and implement solutions, improve incident response readiness, and provide guidance and training to external teams.
Responsibilities:
Oversee and promptly respond to escalated security events or investigations, and activate the Security Incident Response Plan as required.
Provide on-call support for critical severity issues, manage communications, and report incident status to the appropriate stakeholders.
Lead forensic analysis and conduct investigations to ascertain the root cause, scope, and impact of security incidents.
Develop, maintain, and improve incident response plans, procedures, and playbooks to help ensure swift action and regulatory compliance.
Present guidance and training on security best practices and incident response to organizational partners, while ensuring alignment with business objectives and compliance requirements.
Mentor and train incident responders on incident handling techniques, forensic analysis, and cloud security forensics and best practices.
Collaborate with Compliance, Legal, and Risk teams to integrate incident response operations with business and regulatory needs.
Assess vulnerabilities, propose remediation strategies, and keep up to date on current and emerging security trends, threats, and countermeasures.
Requirements: Possession of industry-recognized professional-level certifications such as AWS Security Specialty, GCIH, GCFA, CCFE, CISSP is advantageous
3-5 years' experience in a dedicated cybersecurity role, with a strong emphasis on digital forensics and incident response
1-3 years' experience using scripting languages such as bash, PowerShell, and Python
Experience performing analysis and detection engineering using Endpoint Detection and Response, or Cloud Security Posture Management tools such as CrowdStrike Falcon, SentinelOne, or Wiz
Comprehensive understanding of cybersecurity and networking principles, including protocols, ports, and frameworks such as OWASP, MITRE ATT&CK, NIST, or CIS
Experience using and defending Public Cloud services such as AWS, Azure, and GCP (IAM, CI/CD Pipelines, Network Security, DLP)
Deep understanding of Security Information, and Event Management (SIEM) solutions such as Splunk or LogScale
Profound knowledge of digital forensics technologies and methodologies, as well as expertise in the Security Incident Response Lifecycle according to frameworks like NIST or SANS
Strong analytical and problem-solving abilities, with a focus on identifying root causes and assessing risk exposure
Exceptional communication skills, both verbal and written, capable of explaining technical details to non-technical audiences and fostering strong stakeholder relationships
Self-motivated with the ability to work autonomously, managing tasks effectively, and seeking assistance when necessary
Proficient in working under pressure in a dynamic environment, prioritizing tasks to meet tight deadlines while maintaining procedural discipline
Adaptable and proactive attitude, willing to take on various responsibilities, and eager to continuously learn and upgrade skill
Proficient understanding of AI technologies and their application in enhancing security operations, threat detection, and incident response
A Bachelors degree or higher in Technology, Computer Science, Cybersecurity, or a related field is preferred [or equivalent experience].
This position is open to all candidates.