Cyber Security Engineer III

Bayone Solutions Inc San Jose, CA (Onsite) Full-Time

Notes from the HM Call:
Shortlist by Monday, 11/11.
HM: Karim Ezzat:


Duration : might get extended to next year
Location : prefers someone in PST or EST
Shift timings : 10hr shift, 4 days a week (Sunday to Wednesday, Wednesday to Saturday).
Training period will be for 3 months.
Team dynamics : Incident response and Security team, Service requests, alerts. How the attack takes place. SOC analyst role would work. Former developers or network analyst. Basics of vulnerability management, security management. Diverse candidates needed. 8 member team. Augmenting FTE members, don't need a senior candidate.
Daily scrums : morning daily stand ups.
Must haves : Security background, such as malware, detection, forensics, Information Security, needs penetration, threat, SOC analyst. More of an analyst is good.
Nice to have : coding, system admin, testing knowledge is good to have.
Education/Yrs of experience : minimum 2-3 yrs of experience. Technical degree is good to have.
Industry : no particular industry preferred
Red flag : No investigation experience, generic malware tech. Need to have someone who can take accountability.
Interview : 2 rounds. 45 min each. No code writing needed. Easy or complex queries.
Collaboration with other teams. Security investigations going on around 10 alerts at a time.
Tools : Splunk, CrowdStrike, querying languages. Don't need someone with coding languages. SQL, Lucene. Someone who can work on variety of tools.
Role is more about analysis.
Look for someone with Security & Threat analysis.


Day to Day Responsibilities of this Position and Description of Project:

Client is seeking a CSIRT Engineer to join our highly visible Cyber Security Incident Response Team that provides Security Operations Center (SOC) support, cyber analysis, scripting and automation, and a 24x7x365 support staff. This specific position requires the ability to work Swing and/or Graveyard shifts with rotations into Day shift.

Working within Client's Computer Security Incident Response Team (CSIRT) you will have the opportunity to build innovative solutions to identify and mitigate information-security threats. You will work collaboratively to creatively solve complex security problems in a heterogeneous environment. With your contributions, we're building the best security incident response team in the industry. Your skills, vision, tenacity, and passion will help us defend and respond daily to keep Client's critical information assets away from threats and hackers.

Candidates must have extensive experience working with various security methodologies and processes, advanced knowledge of TCP/IP protocols, and extensive experience providing analysis and trending of security log data from a large number of heterogeneous security devices.

Must demonstrate expert knowledge in one (1) or more of the following areas:

Incident Response, Digital Forensics, Monitoring and Detection, Cyber Intelligence Analysis

Core Job Functions Include:

Investigations - Investigating computer and information security incidents to determine extent of compromise to information and automated information systems.

Escalations - Responding to escalated events from security tooling to develop/execute security controls, defense/countermeasures to prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.

Research - Researching attempted or successful efforts to compromise systems security and designing countermeasures.

Education - Maintaining proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.

Communications - Providing information and updates to shift leads & leadership, creating pass-downs for the next shift, working closely with supporting teams, providing feedback for new security policy and standards, and engaging with other teams and adjacencies through email and conference calls.

Digital Forensics - As it relates to information systems, performing HR investigations and legal holds in a forensically sound manner. Consulting with HR and legal subject matter experts to adhere to local country law.

Coverage - Must be willing to perform shift work, weekends, and holidays as well as participate in a rotating shift consisting of four (4) 10-hour shifts with four days on, three (3) days off and possible rotations across Day, Swing, and Graveyard shifts as needed.

To be successful in this position, you should be proficient with:

Incident Response - Getting people to do the right thing in the middle of an investigation.

Offensive Techniques - Penetration testing, IOCs, and exploits at all layers of the stack.

Logs - You should be comfortable with a SIEM to be able to gather and analyze logs to recreate incidents and hunt for threats.

System Forensics - Basic understanding of image acquisition techniques, memory forensics, and the like.

Networking Fundamentals - TCP/IP Protocols (HTTP, DNS, FTP, DHCP, ARP, etc.), and Wireshark/TCPDump.

Scripting - Should be familiar with scripting in at least one of the following: Python, Perl or a similar language.

Risk Analysis - Taking a vulnerability in a particular environment and understanding the practical associated risk.

Qualifications:

Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field.

Minimum three (3) years of professional experience in incident detection and response, malware analysis, or digital forensics.

Must have at least one (1) of the following certifications:

SANS GIAC: GCED, GCIA, GPEN, GWAPT, GSNA, GPPA, GAWN, GWEB, GNFA, GREM, GXPN, GMON, GCIH

ISC2: CCFP, CCSP, CISSP

Cisco: CCNA, CCNP

CERT: CSIH

EC Council: CEH, ENSA, CNDA, ECSS, ECSP, ECES, CHFI, LPT, ECSA, or ECIH

Offensive Security: OSCP, OSCE, OSWP and OSEE

Digital Forensics: EnCE, CB, MiCFE, ACE, GCFA, GCFE

In addition, a minimum of one (1) year of specialized experience in one or more of the following areas:

Security Assessment or Offensive Security

Application Security

Security Operations Center/Security Incident Response

Cyber intelligence Analysis

At Client, your work makes a difference. We believe that we can build a better form of commerce that is enabled by people, supported by technology, and open to everyone, creating more opportunity for all.

Job Snapshot

Employee Type: Full-Time
Location: San Jose, CA (Onsite)
Job Type: Other
Experience: Not Specified
Date Posted: 11/06/2024
Job ID: 23472559
