Security Threat Intelligence Engineer
you will have the opportunity to be a part of a tight-knit engineering organization working with hardworking, effective engineers, particularly within our site reliability and security teams.
You will have significant influence over the tools that we use to monitor and audit our system and where we choose to deploy them.
You will be responsible for coordinating the response to security incidents. You will be able to inspire change across the entire stack, from the UI and backend all the way through to the device firmware.
You will support other security teams in driving business-friendly security and process improvements. Finally, by developing our capabilities to promptly detect and respond to threats, you will have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on access points, switches, security appliances, and cameras every single day.
Key responsibilities :
Collect, process, analyze, interpret, preserve, and present digital evidence
Perform forensic triage of an incident to include determining scope, urgency and potential impact
Conduct analysis of forensic images, and available evidence in support of forensic write-ups for inclusion in reports and written products
Document forensic analysis from initial participation through resolution
Ability to document forensic workflows based on sound industry practice
Investigate data breaches leveraging traditional forensic tools and cloud-specific tools to determine the source of compromises and malicious activity
Support incident response engagements, perform forensic investigations, contain security incidents, and provide guidance on longer term remediation recommendations
Develop, document and refine procedures to accomplish discovery process requirements
Manage all chain of custody best practices associated with the rules of evidence
Mentorship of team members in incident response and forensics best practices to cultivate secondary resources to assist in larger collection events
Competencies :
Solid understanding of the forensic lifecycle and scoping activities, evidence acquisitions on a range of devices
Forensics analysis background on following platforms and technologies :
Cloud (AWS, Azure, GCP)
Windows / Mac / Linux OS
Physical and virtual network devices and platforms
Understanding of SaaS, PaaS, and IaaS
Analyze and characterize cyber-attacks unique to cloud
Skilled in identifying different classes of attacks and attack stages
Understanding of system and application security threats and vulnerabilities
Understanding of proactive analysis of systems and networks, to include creating trust levels, and understanding cloud authentication methods
Experience with performing reactive incident response functions in public cloud environments - Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc
Experience with examining compute, storage, network, IAM, Kubernetes, serverless, and other log sources to identify evidence of malicious activity
Understanding of APIs and ability to leverage them for building integrations
Ability to write custom query logic for major Security Incident and Event Monitoring (SIEM) tools
Ability to write SQL to search data warehouse databases
Familiarity with the following tools
Forensics platforms such as EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and other open source forensic tools
Security Incident and Event Monitoring (SIEM) and Security Orchestration, Automation & Response (SOAR)
Malware Analysis / Reversal Tools
Network and Host Intrusion Detection (IDS) such as SNORT / Sourcefire, Palo Alto, etc.
Endpoint Detection & Response (EDR)
Network sniffers and packet tracing tools such as DSS, Ethereral, tcpdump, Wireshark, etc.
You are an ideal candidate if you possess :
You are an ideal candidate if you possess :
6+ years of incident response or digital forensics experience with a passion for cyber security; or equivalent educational experience in Information Security, Computer Science, Digital Forensics, Cyber Security or related field
Proficient with host-based forensics and data breach response
Hands-on experience with architecting, building, operating, investigating, and troubleshooting large and complex cloud environments, DevSecOps experience welcome
Understand and demonstrate best practices for architecting and operating in a multi cloud environments in a scalable manner
Experience with large-scale application administration and debugging, Cloud Security Posture Management (CSPM) solutions, or automation via scripting or cloud-native approaches
Experience using industry standard forensic tools
Experience preserving desktops, laptops, mobile devices / tablets, servers, both cloud and on-premise email implementations, nontraditional cloud data sources, social media, etc.
in a forensically sound manner
Ability to communicate effectively and tactfully in both verbally and in written format to team members and technical / non-technical clients
Ability to demonstrate superior organizational skills with acute attention to detail
Must be an energetic self-starter who can work within a team environment but also independently as the situation requires
Strong troubleshooting skills coupled with the ability to solve on the fly to solve complex problems
Have experience working on incident response teams
Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
Understand the NIST IR framework or competing IR lifecycle frameworks
Have the ability to write custom *nix scripts to gather evidence for investigation and forensics during an incident
Able to work independently and identify areas of need in highly ambiguous and time-sensitive situations
Have familiarity with MITRE ATT&CK and / or D3FEND frameworks
Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response
Bonus points for :
Relevant industry security certifications such as CISSP, SANS GIAC (e.g. EnCE, GCIH, GNFA, GCFE, GCFA, GREM or additional tool based certifications), AWS certifications (SAA, SAP, or SCS), etc.
Familiarity with other security verticals such as : Incident Response, Threat Intelligence, Threat Detection, Application Security, Cloud Security, Offensive Security
Networking experience with LAN / WAN routing and high availability (OSPF, BGP4 / iBGP, EIGRP, and NSRP) routing protocols and technologies
Knowledge of detection tools, for example : Nessus, Qualys, OSSEC, Osquery, Suricata, Threatstack, AWS Guard Duty
Demonstrate how to execute common web application attacks like SQL Injection, XSS, CSRF
Experience with IoT platforms, large-scale distributed systems, and / or client-server architectures
we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people.
We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.