Security Threat Intelligence Engineer (only W2)

Avacend Inc
CA, United States
Full-time

Security Threat Intelligence Engineer

You will have the opportunity to be a part of a tight-knit engineering organization working with hardworking, effective engineers, particularly within our site reliability and security teams.

You will have significant influence over the tools that we use to monitor and audit our system and where we choose to deploy them.

You will be responsible for coordinating the response to security incidents. You will be able to inspire change across the entire stack, from the UI and backend all the way through to the device firmware.

You will support other security teams in driving business-friendly security and process improvements. Finally, by developing our capabilities to promptly detect and respond to threats, you will have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on access points, switches, security appliances, and cameras every single day.

Key responsibilities:

Collect, process, analyze, interpret, preserve, and present digital evidence

Perform forensic triage of an incident, including determining scope, urgency, and potential impact

Conduct analysis of forensic images and available evidence in support of forensic write-ups for inclusion in reports and written products

Document forensic analysis from initial participation through resolution

Ability to document forensic workflows based on sound industry practice

Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity

Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations

Develop, document, and refine procedures to accomplish discovery process requirements

Manage all chain of custody best practices associated with the rules of evidence

Mentorship of team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events

Competencies:

Solid understanding of the forensic lifecycle and scoping activities, and of evidence acquisition on a range of devices

Forensic analysis background on the following platforms and technologies:

Cloud (AWS, Azure, GCP)

Windows / Mac / Linux OS

Physical and virtual network devices and platforms

Understanding of SaaS, PaaS, and IaaS

Ability to analyze and characterize cyber-attacks unique to the cloud

Skilled in identifying different classes of attacks and attack stages

Understanding of system and application security threats and vulnerabilities

Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods

Experience with performing reactive incident response functions in public cloud environments, e.g. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc.

Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity

Understanding of APIs and ability to leverage them for building integrations

Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools

Ability to write SQL to search data warehouse databases

Familiarity with the following tools:

Forensic platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and other open-source forensic tools

Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)

Malware Analysis / Reversal Tools

Network and host intrusion detection systems (IDS) such as Snort / Sourcefire, Palo Alto, etc.

Endpoint Detection & Response (EDR)

Network sniffers and packet tracing tools such as DSS, Ethereal, tcpdump, Wireshark, etc.

You are an ideal candidate if you possess:

6+ years of incident response or digital forensics experience with a passion for cyber security, or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related field

Proficient with host-based forensics and data breach response

Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments; DevSecOps experience welcome

Understand and demonstrate best practices for architecting and operating in multi-cloud environments in a scalable manner

Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches

Experience using industry standard forensic tools

Experience preserving desktops, laptops, mobile devices / tablets, servers, both cloud and on-premise email implementations, nontraditional cloud data sources, social media, etc. in a forensically sound manner

Ability to communicate effectively and tactfully, both verbally and in writing, with team members and technical / non-technical clients

Ability to demonstrate superior organizational skills with acute attention to detail

Must be an energetic self-starter who can work within a team environment but also independently as the situation requires

Strong troubleshooting skills coupled with the ability to solve complex problems on the fly

Have experience working on incident response teams

Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together

Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior

Understand the NIST IR framework or competing IR lifecycle frameworks

Have the ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident

Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations

Have familiarity with MITRE ATT&CK and / or D3FEND frameworks

Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response

Bonus points for:

Relevant industry security certifications such as CISSP, SANS GIAC (e.g. EnCE, GCIH, GNFA, GCFE, GCFA, GREM, or additional tool-based certifications), AWS certifications (SAA, SAP, or SCS), etc.

Familiarity with other security verticals such as: Incident Response, Threat Intelligence, Threat Detection, Application Security, Cloud Security, Offensive Security

Networking experience with LAN / WAN routing and high availability (OSPF, BGP4 / iBGP, EIGRP, and NSRP) routing protocols and technologies

Knowledge of detection tools, for example: Nessus, Qualys, OSSEC, osquery, Suricata, Threat Stack, AWS GuardDuty

Demonstrate how to execute common web application attacks like SQL Injection, XSS, CSRF

Experience with IoT platforms, large-scale distributed systems, and / or client-server architectures

We're challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people.

We're building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.
