Staff Security Engineer

As a Staff Security Engineer, Incident Response you will be a hands-on incident responder actively investigating cases involving endpoints, SaaS, public cloud, and hybrid environments. When not actively leading or participating in an incident, you will be threat hunting. Due to the nature of IR, we are looking for someone who is technically proficient and can effectively communicate with leadership, managers and individual contributors during an IR situation. In addition, you will be responsible for the strategic direction of the IR function, working closely with the Privacy and Legal teams.

Manage investigations including organizing unstructured work and engaging resources across the company.
Manage urgency and visibility to ensure timely response by all involved parties.
Conduct IR analysis, network log and network PCAP analysis, and other investigation related activities in support of IR.
Respond to critical incidents, threats, vulnerabilities and bring these issues to resolution.
Communicate/coordinate with internal and 3rd party teams during high severity incidents.
Orchestrate & conduct table-top exercises.
Develop incident playbooks and repeatable methods for managing and responding to malicious activities across networks, systems, and products.
Design, document, and implement IR processes, procedures, guidelines, and solutions.
Deliver technical and executive level reports and metrics on IR issues.
Forensically analyze end user systems and servers found to have possible indicators of compromise.
Identify security incidents through threat hunting operations within a SIEM and other relevant tools.
Perform basic programming and script development in support of/as needed for IR

Ability to work in a dynamic, on call environment.
7+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability.
3+ years hands-on working in Cyber incident analysis and/or response in medium to large organizations with cloud and forensics components.
Strong analytical, documentation, and communication skills.
In-depth experience with all facets of IR.
Solid experience applying all facets of IR to Windows, Linus, macOS and public cloud environments.
Demonstrated threat hunting experience using SIEM, and EDR solutions.
Ability to successfully facilitate collaboration across multiple functions, departments, and levels.
Familiarity with SOAR (Security Orchestration, Automation and Response) software with an emphasis on building complex playbooks for automating routine incidents.