Information Security Senior Incident Response Engineer
Zions Bancorporation is a premier financial services company and we are seeking a highly motivated individual to fill a role as an Information Security Senior Incident Response Engineer.
This role is responsible for understanding the organization’s IT infrastructure to ensure sensors and data collectors are distributed to provide an appropriate level of visibility of network, system, and application activity. Working within the Cybersecurity Operations Center, the Information Security Sr. Incident Response Engineer will analyze data and monitor various tools to detect and respond to abnormal or malicious activity, recommend and implement mitigation strategies, provide notifications on such activity, and carry out post-incident activities such as root cause analyses and post-incident reports.
As a senior member of the Bancorp-wide Security Incident Response Team, the Information Security Senior Incident Response Engineer will assist the CSOC Manager in reviewing and updating the Incident Handling Procedures and Incident Response Playbooks on a periodic basis.
- Requires a Bachelor’s in Information Technology, Computer Science, Business or a related technical field and 8+ years of experience in Security Operations, Incident Response, Security Architecture, supporting Information Security infrastructure or a combination of the two or other directly related experience. A combination of education and experience may meet qualifications.
- Advanced working knowledge of cybersecurity principles used to manage risks related to the use, processing, storage and transmission of information or data; of cyber threats and vulnerabilities; and of incident response and handling methodologies.
- Working knowledge of intrusion detection methodologies and techniques, including detecting intrusions with intrusion detection technologies.
- Ability to use network management tools to analyze network traffic patterns.
- Ability to troubleshoot and diagnose cyber defense infrastructure anomalies and work through resolution.
- Ability to write and understand scripting languages (e.g., R, Python, HIVE, SQL, Ruby, Perl, etc.) and to use security event correlation tools.
- Excellent problem resolution and root cause analysis techniques.
- Strong customer service and communication skills, both written and verbal.
- Ability to work independently in a complex, sophisticated technical environment.
- Extensive experience with Security Information and Event Management (SIEM) tools.
- Hands on experience with Forensic Analysis methodologies.
Advanced Skills a plus:
- Advanced knowledge, as a generalist or specialist, of computer networking concepts and protocols, network security methodologies, how traffic flows across the network, and traffic analysis methods.
- Ability to tune sensors, read, and interpret signatures.
- Advanced system, network, and OS hardening techniques.
- Ability to assess current tools to identify needed improvements.
- Advanced working knowledge of common attack vectors, different classes of attacks (e.g., passive, active, insider, close-in, distributed, etc.) and general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
- Advanced knowledge of system administration concepts for Unix/Linux and Windows Operating Systems.
Certifications a plus: GNFA