Sr. Security Incident Response Engineer

posted on August 30, 2019

Job Description

Location: Chicago, IL

Type: Permanent

Minimum Experience Required:

  • Bachelor’s degree or equivalent practical experience.
  • 5+ years of practical incident response experience.
  • Demonstrated understanding of Windows internals.
  • Demonstrated computer forensics experience, including memory and filesystem analysis.
  • Demonstrated IT experience in the areas of operating systems, networking, and web-based applications.
  • Ability to work independently on initiatives with little oversight.
  • Passionate about information security and technology.
  • Strong analytical, problem-solving, and conceptual thinking skills.
  • Excellent verbal and written communication skills.
  • Experience leading incident response activities.
  • Ability to think and communicate clearly and effectively during a security event.
  • Comfortable communicating security concepts and incident reports to senior leadership.

Preferred Field(s) of Study:

  • System administration experience (esp. Unix/Linux).
  • Demonstrated knowledge of static and dynamic malware analysis.
  • Experience working with Splunk or other SIEM/threat detection platforms.
  • Previous SOC or IR experience is a plus.
  • Software development and/or scripting experience.
  • Experience automating incident response activities via PowerShell, Python, Bash, etc.
  • Knowledge of common attacks and defenses.
  • Demonstrated knowledge of common vulnerabilities and countermeasures.
  • Experience mentoring junior analysts.

Responsibilities:

  • Monitor and respond to alerts generated by our enterprise security tools.
  • Continually evaluate and enhance the incident response processes used to triage security events, and track their effectiveness.
  • Triage issues escalated to the Cyber Defense team, ensuring quick and appropriate follow-up actions are taken.
  • Perform forensics activities following a security incident.
  • Develop and continually improve our incident response playbooks to ensure we efficiently and effectively analyze and respond to security alerts.
  • Mentor and train junior analysts.
  • Act as an escalation point for more junior team members.
  • Take ownership of the roadmap and maturity of the Incident Management System.
  • Lead our threat hunting program.
  • Improve our detection capabilities by building and enhancing alert rules and actively hunting for evidence of malicious activity.
  • Participate in the incident response on-call rotation.