Job Description:
• Participate in confidential insider risk investigations and support the Insider Risk Team Program via triage and investigation of detections
• Create and implement insider risk related detections and assist in the development of detection criteria through ASM
• Perform detailed investigations reviewing data from multiple sources (network, host, open source)
• Communicate with end users regarding potential policy violations and assist in data recovery efforts
• Provide senior leadership and executive level staff with active investigations notifications/updates (EXSUMs)
• Handle confidential or sensitive information with appropriate discretion
• Assist in regular and sustained alert tuning efforts to minimize false positives
• Ensure all investigations are properly documented and tracked in case management systems
• Support Incident Response lifecycle via triage, live response, containment, escalation, and after-hours on-demand support
• Identify security controls coverage and efficiency gaps in available data/logs and tooling
• Provide information security summaries containing security metrics as required
• Participate in incident response, manage escalations, and drive process development and documentation for the Incident Response lifecycle
Requirements:
• Experience with data classification or risk scoring methodologies
• Excellent verbal and written communication skills with attention to detail
• Ability to triage and manage 2-3 investigations simultaneously
• Ability to work independently and coordinate with multiple internal departments
• Experience responding to security event alerts, performing front-line analysis, and escalating
• Theoretical and practical knowledge of Mac, Linux, and Windows operating systems
• Theoretical and practical knowledge of TCP/IP networking and application layers
• Experience with ASM (Attack Surface Mapping), Threat Hunting/Emulation
• Experience with access/application/system log analysis, IDS/IPS alerting and SIEM-based workflows
• Experience with security data collection, processing, and correlation
• Scripting experience (Bash, PowerShell, etc.)
• Experience with regular expressions and stream-editing tools (sed, awk, etc.)
• Experience with host database enumeration and analysis (SQL, SQLite3)
• Experience with network analysis (tcpdump, tshark/Wireshark, etc.)
• Experience with basic static and dynamic host analysis (order of volatility, etc.)
• Experience with basic file analysis (permissions, ownership, metadata)
• Working knowledge of init, systemd, launchd, and BIOS/UEFI boot processes
• Applicable security certifications (GCIA, GCIH, GCFA, GNFA, GIME, GCCC, GPEN, OSCP, etc.) or equivalent job experience
• Undergraduate degree (completed or in progress) or direct experience in information/cyber security, information systems, or computer science
• Desire to continually grow and expand both technical and soft skills
• Contributing thought leader within the incident response industry
• Ability to foster a positive work environment and attitude
• Bonus: scripting experience in Python or Perl
• Bonus: Experienced user of Splunk or Falcon LogScale query language
• Bonus: Experience with user behavior analytics and profiling tools or methodologies
• Bonus: Experience creating and tuning detection/alert logic to reduce false positives
• Bonus: Experience in data loss prevention, data classification, and knowledge of common data loss vectors
• Bonus: Previous project management experience
Benefits:
• Remote-friendly and flexible work culture
• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leave
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities
• Vibrant office culture with world class amenities
• Eligibility for bonuses, equity grants, and a comprehensive benefits package
• Health insurance
• 401k (retirement)