Senior Security Incident Response Engineer

SiriusXM Radio, Inc.
Lawrence Township, New Jersey, US
$73.6K-$150K a year
Full-time
We are sorry. The job offer you are looking for is no longer available.

Who We Are:

SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners in the car, at home, and anywhere on the go with connected devices.

Our vision is to shape the future of audio, where everyone can be effortlessly connected to the voices, stories and music they love wherever they are.

This is the place where a diverse group of emerging talent and legends alike come to share authentic and purposeful songs, stories, sounds and insights through some of the best programming and technology in the world.

Our critically-acclaimed, industry-leading audio entertainment encompasses music, sports, comedy, news, talk, live events, and podcasting.

No matter their individual role, each of our employees plays a vital part in bringing SiriusXM's vision to life every day.

How you'll make an impact:

The Incident Response Analyst position will contribute to Sirius XM by taking on the primary cyber security incident responder role within the SXM InfoSec department.

The successful candidate will be responsible for receiving and triaging all cyber security incident alerts and escalation, coordinating the actions of First Responders representing the engineering and operations teams of the enterprise, and documenting and reporting on all cyber security incidents.

Additionally, this role will be responsible for continuing to develop and improve the Incident Response capabilities of Sirius XM by developing and improving runbook procedures and expanding the scope and capabilities of security tools.

What you'll do:

  • Receive and Respond to Cyber Security Alerts and Security Incident Reports.
  • Actively call and lead security incident bridges and coordinate internal incident response efforts between First Responders, operations teams, and managed security services.
  • Develop, implement, and train first responders in new security procedures to prepare the enterprise to respond to cyber threats.
  • Partner with the internal red team to support threat hunting within our environments.
  • Partner with the Vulnerability Management team to support triage investigations around identified critical vulnerabilities.
  • Expand SIEM program, ensuring log coverage, alert development, and process improvement.
  • Support broader Security Operation initiatives both within the Security Department and within Engineering and Operation departments across the enterprise.

What you'll need:

  • 5-8+ years of combined Information Security experience.
  • Bachelor's or Master's degree in Cybersecurity or a related field, or equivalent relevant experience.
  • GCIH GIAC Certified Incident Handler or equivalent certification.
  • Preferred: GCFA GIAC Certified Forensic Analyst.
  • Good working knowledge of NIST SP 800-61.
  • Incident Response - Knowledge and understanding of incident response processes in both datacenter and cloud-based environments, forensic techniques, execution and administration of crisis bridges, and preparation and delivery of incident reports for executives.
  • Network and Packet Analysis - Working knowledge of TCP/IP, OSI model, and network and packet analysis process and tools.
  • Phishing Triage - Ability to analyze message headers and identify actionable indicators for remediation.
  • Malware and Hacking Analysis - Advanced knowledge of malware trends and behaviors and the ability to work with other teams.
  • Training and Documentation - Build a new incident handling procedure, conduct training presentations, and review and update incident handling procedures.
  • Identify and classify potential, successful, and unsuccessful intrusion attempts.
  • The ability to compare log activity against the expected protocol behavior to identify anomalies.
  • Experience with SentinelOne.
  • Experience leveraging Proofpoint phishing and DLP services.
  • Experience with Imperva, Akamai, and AWS Web Application Firewall (WAF) services.
  • Experience with Intrusion Detection and Prevention Systems (IDS/IPS), Firewall and Network Log analysis, Security Information and Event Management (SIEM) tools, threat intelligence services, and malware analysis.
  • Experience with Windows and Linux Operating Systems.
  • Experience scripting with Bash, Perl, Python, PowerShell, and AWS CLI.
  • Interpersonal skills and ability to interact and work with staff at all levels.
  • Ability to handle multiple tasks in a fast-paced environment.
  • Commitment to "internal client" and customer service principles.
  • Willingness to take initiative and to follow through on projects.
  • Excellent time management skills, with the ability to prioritize and multitask, and work under shifting deadlines in a fast-paced environment.
  • Must have legal right to work in the U.S.

At SiriusXM, we carefully consider a wide range of factors when determining compensation, including your background and experience.

These considerations can cause your compensation to vary. We expect the base salary for this position to be in the range of $73,600 to $150,000 and will depend on your skills, qualifications, and experience.

Additionally, this role might be eligible for discretionary short-term and long-term incentives. We encourage all interested candidates to apply.

Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation.

SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.

The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.
