
SANS ISC InfoSec Jobs: Security Engineer - Incident Responder and Threat Hunter (Bethlehem, Pa; GCIH, GCIA, GDAT, GNFA, GMON, GAWN)


This listing has expired and therefore is not publicly viewable.

Security Engineer - Incident Responder and Threat Hunter
Company Guardian Life Insurance
Location Bethlehem, Pa
Preferred GIAC Certifications GCIH, GCIA, GDAT, GNFA, GMON, GAWN
Travel 5%
Salary Not provided
Contact Name Anonymous
Contact Email jim.horwath/at/
Expires 2019-03-13

Job Description

Position Objective:

Are you passionate about cyber and security challenges in information technology, associated with threats and vulnerabilities? Are you a subject matter expert looking for an enriching experience to build your career and brand?

The Incident Responder will use analytical, technical, and people skills to prevent, detect, analyze, and respond to threats against Guardian's sensitive information and systems. Incident Response activities include, but are not limited to, triaging security events, network and endpoint forensic analysis, threat hunting, and vulnerability escalation, along with driving security incidents from detection through remediation and lessons learned. While responding to internal or external threats, you will execute incident response playbooks, document incident response actions in an Incident Tracking system, and leverage the SIEM and related tools to complete analysis. You will help contribute to Guardian’s evolving incident response capabilities and procedures, providing input that allows Guardian to continue building proactive threat hunting and detection. In addition, you will conduct Threat Hunting to detect compromises and security threats using IOCs (Indicators of Compromise) and current knowledge of attacker techniques.

Principal Accountabilities:

· Investigate breaches, including host-based analysis and network and log analysis
· Participate in forensic projects as required, including collection and preservation of electronic evidence
· Preserve and analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices
· Research, develop, and recommend hardware and software needed for Incident Response, and develop policies and procedures to respond to data breaches
· Conduct Threat Hunting activities searching for indications of compromise, vulnerabilities, and threats
· Apply IOCs and monitor for compromise or vulnerability to compromise
· Research, develop, recommend, and document software and techniques needed for Threat Hunting

Team Leadership and Development:

Your role as a member of the DFIR team will consistently involve collaboration with the firm’s senior leadership as well as other forensic personnel to facilitate an effective Incident Response program. You will also be expected to prepare, write, and present reports and briefings, and to contribute to reports generated by the other DFIR team members.

Skills and Knowledge:

Technical Skills

· Proficiency with forensic techniques and the most commonly used DFIR tools, such as dtSearch, EnCase, X-Ways, FTK Suite, SIFT
· Ability to conduct research in support of incident response engagements
· Knowledge of scripting/programming languages to assist in automating some IR processes
· Knowledge of memory analysis techniques, including the use of Volatility, Rekall, and other tools
· Prior experience/knowledge of penetration testing tools and hacking techniques such as Metasploit, Empire, Nessus, Nmap, Kali Linux, Burp Suite, SQLMap, SQL Injection, Buffer Overflows, MITM, etc.
· Knowledge of cloud technologies and Incident Response in a cloud environment
· Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem-solving abilities
· Strong work ethic and motivation with a demonstrated history of ability to lead a team and work under pressure
· Strong verbal and written communication skills
· Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring flexibility and responsiveness to company priorities
· Must be able to work collaboratively across teams, business units and management levels

Education and Experience:

· Degree in a Cyber Security, Computer Science, or Information Technology discipline is preferred
· Demonstrated experience using physical, local, and remote acquisition tools across multiple OS systems
· In-depth experience with industry standard digital forensic tools and forensic processing methodologies

About Us

Every day, Guardian gives 26 million Americans the security they deserve through our insurance and wealth management products and services. Since our founding in 1860, our long-term view has helped our customers prepare for whatever life brings whether starting a family, planning for the future or taking care of employees. Today, we’re a Fortune 250 mutual company and a leading provider of life, disability and other benefits for individuals, at the workplace and through government sponsored programs. The Guardian community of ~9000 employees and our network of over 2750 financial representatives is committed to serving with expertise when, where and how our clients need us. Our commitments rest on a strong financial foundation, which at year-end 2017 included $8.0 billion in capital and $1.6 billion in operating income. For more information, please visit or follow us on Facebook, LinkedIn, Twitter and YouTube.
Guardian® is a registered trademark of the Guardian Life Insurance Company of America. Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.