Cybersecurity Response Engineer
Work Location : Onsite in Charlotte or Detroit for Hybrid model 3 days a week
Duration : 24 months with possible extension
Interview : ** Video conference interview; provide location and best time to interview.
Mandatory skills : ** Cybersecurity Response Engineer**: ** Experienced with use case development lifecycle and risk based alerting mechanisms; ** Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework; **Splunk. **Good communication skills Proactive independent selfstarter independent worker who will take initiative and work well collaboratively. Confident and able to challenge respectfully and look for opportunities for continuous improvement. Able to mentor and coach junior team members
Job Description
Response Engineer
Position Description
The Cybersecurity Response Engineer position is a valued member of the Information Protection and Risk Management (IPRM) department. The Cybersecurity Response Engineer will be a part of the Cyber Threat Response (CTR) team and will primarily serve the Security Operations Center (SOC) and Cyber Security Incident Response Teams (CSIRT) by developing and maintaining alert use cases onboarding new security tools facilitating access and training and managing overall risk. To do so they will also work closely with the Cyber Analytics and Data Science (CADS) team as well as various Cyber Security Technology (CST) engineering teams throughout IPRM.
Job Responsibilities
- Develop advanced security alerts for SOC consumption
- Identify automation opportunities leveraging a SOAR tool to optimize SOC processes
- Coordinate with different teams to complete agile project objectives
- Generate reports around security events and metrics
- Provide support for incident response investigations
- Utilize attack simulations to test or discover alerting conditions
- Participate in Threat Hunting exercises
Qualifications
- Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework
- Familiar with various security platforms and tools such as firewall proxy SIEM and SOAR
- Experienced with use case development lifecycle and risk based alerting mechanisms
- Ability to analyze large data sets to identify trends and anomalies indicative of malicious activity
- Ability to interact with personnel at all levels across the organization and to comprehend business imperatives
- Ability to thrive in a fastpaced environment and capable of working under pressure with little direction
- Experienced with investigations into common attack scenarios such as phishing and credential validation attacks
- Experienced at performing complex security investigations and root cause analysis
- Familiar with cloud platforms such as AWS and Azure and their corresponding security toolsets
- Well organized and comfortable prioritizing a wide variety of goals and objectives by risk
- Thrives in team environment involving a diverse set of skills and personalities
- Maintaining awareness of the cyber threat landscape
- Practical understanding of network protocols and operating systems
- Broad understanding of security mitigation solutions at all layers
- Minimum of four years information security specific experience
- Bachelors degree in information systems or equivalent experience
- Security or CYSA certification preferred
- Selfdriven and motivated with a strong passion for cybersecurity
- Excellent verbal and written communications skills
- Excellent problem solving and troubleshooting skills with a strong attention to detail