Python Automation Security Incident Response
Security Incident Response Engineer
Looking for a candidate with Python automation skills and some exposure to incident response, digital forensics, and threat protection. You will primarily be writing Python for automation.
This position is responsible for all aspects of security threat management for the company. This is a hands-on technical role that shares responsibilities across the team in conducting cyber threat intelligence, executing threat hunts, participating in and leading incident response efforts, performing digital forensics, and implementing threat protection across the enterprise.
- Design, build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks, and extract IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures).
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Computer Incident Response Team (CIRT) in responding to active and time-sensitive threats, including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- BS/MS in Computer Science or equivalent work experience.
- 7+ years of experience in information security.
- A holistic view of threats, vulnerabilities, and risk, and of how they relate to one another.
- Deep understanding of the internals and constructs of at least two major modern operating systems.
- Relevant security certifications (OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).
- Applied experience with application and business logic embedded in business systems.
- Knowledge of open security testing standards and projects, including OWASP.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Advanced knowledge of TCP/IP networking and network services such as DNS, SMTP, DHCP, etc.
- In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS.
- Experience employing phishing and other social engineering tactics.
- Experience using multiple command and control channels, including DNS and HTTPS.
- Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation and innovation.
- Effective and consistent collaboration through available mediums that enable remote team communication.
- Ability to work effectively in a diverse team and promote team diversity.
Benefits and perks:
- 12 days starting vacation plus 11 holidays and your birthday off!
- Multiple medical insurance options: 100% paid or low-cost premiums
- 100% paid dental insurance
- 100% paid vision insurance
- Onsite gym and/or gym discount and fitness incentive
- Culture of learning: substantial tuition reimbursement to improve your skills
- Career growth: we love promoting from within
- Strong commitment to work/life balance
- Technology allowance
- Social responsibility and volunteer opportunities