Armor is seeking a talented and highly-motivated individual to serve as a Senior Security Incident Response & Forensics Engineer, L2 in the Incident Response & Forensics (IRF) Department, as a senior member of the Armor Security Operations Center. This position will be responsible for triage and response to security events detected by Armor’s Spartan security model, including management of caseload.
Senior Security Incident Response & Forensics Engineer Essential Duties and Responsibilities: (Additional duties may be assigned as required)
· Identify, triage, conduct forensic analysis and respond to security incidents within both Armor and customer environments as they arise.
· Perform acquisitions of volatile data, in a forensically sound manner, in accordance with industry best practices.
· Own the full lifecycle of a security incident from discovery to completion to include root cause analysis and guidance in recovery efforts.
· Work closely with both technical and non-technical customers to guide them through the incident response process and provide guidance on best practices and remediation when needed.
· Conduct analysis on output from host- and network-based security tools to provide context for both ongoing and historical security events.
· Analyze threats for unique indicators of compromise; work with fellow SOC team members to create countermeasures to aid in future prevention and detection of cyberthreat activity.
· Document and implement processes for investigating and responding to security incidents according to industry standards (e.g. NIST 800-53 and SANS best practices).
· Maintain knowledge of current and emerging cyberthreats; grow relationships with other incident response professionals, industry partners and vendors.
· Monitor and enforce guidelines for security and compliance.
· Train, mentor and guide junior analysts within the SOC.
· Experience in performing datacenter workload incident response and forensics investigations across a wide range of both public and private cloud environments.
· Strong understanding of both Windows and Linux server environments including commonly-configured roles and related technologies, such as web, database, domain services, etc.
· Able to perform live triage of hosts to include examining running processes, network connections, system logs, file system activity, and more for signs of anomalous behavior.
· Strong understanding of attacker tools, techniques, and methodologies. Ability to gather and act on cyberthreat intelligence.
· Familiar with industry standard forensic tools such as X-Ways Forensics, EnCase, Volatility, RegRipper, SysInternals, etc.
· Experience with Host and Network Intrusion Detection Systems (HIDS/NIDS), Web Application Firewalls (WAF), IP Reputation systems, and Security Information and Event Management (SIEM) systems.
· Able to read and understand the following languages: PHP, Python, Bash, PowerShell, SQL, Regex.
· Ability to manage multiple cases simultaneously, prioritize tasks, and adapt to changing conditions to ensure customer satisfaction.
· Strong analytical and critical thinking skills. Highly skilled and/or educated in the area of Security Operations and Incident Response.
· Able to multi-task, prioritize, and resolve multiple inquiries at once.
· Detail-oriented, excellent communication (oral and written), interpersonal, organizational, and presentation skills.
· Ability to work evenings/weekends as required and to be on-call 24x7 to serve as the escalation point for your team.
· Prior experience working directly as an Incident Response Engineer required. Prior experience in other cybersecurity areas a huge plus.
· Ability to quickly react and adapt in complex unusual environments.
Education And/Or Experience:
· Minimum of BS degree in a related field and 3 years direct job-related experience, or a combination of applicable education and experience to meet the requirements of the position.
· One or more of the following certifications (highly preferred): EnCE, GCIH, GCFA, GCFE, GNFA, GREM, OSCP, OSCE.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required:
· Knowledge of and ability to administer Windows and Linux Server environments.
· Knowledge of and ability to identify attack methods and form mitigation/detection techniques.
· Knowledge of and ability to administer network and host-based security tools.
· Knowledge of and ability to work with scripting languages: PHP, Python, Bash, PowerShell, SQL, Regex.
While performing the duties of this job, the employee is regularly required to sit and use hands. The employee may be required to assist with tasks in the data center and perform moderate lifting up to 100 lbs.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting, at the company’s data center, or at a third-party location for training.
Equal Opportunity Employer
It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.
Job Code: 631