Lead Engineer, Information Security (DFIR)
As the Lead Engineer, Information Security (DFIR), you will be responsible for performing, facilitating and documenting the complex analysis, development and testing of security methodologies and technologies. You'll utilize your knowledge and experience with incident response, threat analysis, governance, risk management and compliance to help keep our operations running smoothly. Become a part of our rapidly growing global team and we'll help you develop your career to a level that will exceed your expectations.
Pay, benefits and more:
We are eager to attract the best, so we offer competitive compensation and a generous benefits package, including full health insurance (medical, dental and vision), 401(k), life insurance, disability and more.
What you'll do on a typical day:
- Serve as part of the CIRT (Cyber Incident Response Team) as an Incident Commander, working with other members of the core incident response team and stakeholders throughout the incident response lifecycle.
- Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
- Form and articulate expert opinions based on analysis.
- Investigate instances of malicious code and documents to determine attack vectors and payloads.
- Gather and utilize threat intelligence to lead relevant hunt missions across the enterprise, working directly with the Cybersecurity Operations Center (CSOC).
- Develop and produce reports on breaking cyberthreat news and disseminate to appropriate teams to maintain appropriate levels of situational awareness.
- Analyze threat actor profiles and track threat groups and their associated indicators of compromise and tactics, techniques, and procedures to drive hunting, detection, and prevention efforts.
- Support other DFIR Engineers in triage and response to security alerts and perform root cause analysis.
What you need to succeed at GXO:
At a minimum, you'll need:
- Bachelor's degree in a cyber-related field or equivalent work or military experience
- Minimum 5 years of related incident response or cyber threat hunting / intelligence experience
- Familiarity with intrusion detection methodologies and techniques for detecting host and network-based intrusions; incident response and handling methodologies
- Experience in understanding and utilizing the incident response lifecycle
- Advanced incident response skills to include host-based forensics, memory forensics, network forensics, packet capture analysis, and static / dynamic malware analysis
- Knowledge of the corporate cybersecurity threat landscape, cyber threats and vulnerabilities, system and application security threats and vulnerabilities, and tactics and targets of Nation State actors and APTs
- Demonstrated experience with data analysis, documentation, and reporting.
- Experience working with EDR platforms (i.e., CrowdStrike, SentinelOne, Microsoft Defender)
It'd be great if you also have:
- GCFA, GNFA, GREM, GHTI or other industry-relevant certification(s)
- Familiarity with Cloud structure and security monitoring capabilities for Google Cloud Platform, AWS, Azure and O365
- Experience with open source and commercial forensic tools
- Strong problem-solving, networking, and team-building skills
- Experience working with SIEM technologies (i.e. Splunk, Chronicle, Sentinel), to include log source discovery, collection, validation, and custom content creation (rules & dashboards)
- Ability to work independently and with limited supervision to achieve assigned goals and objectives.
- Ability to multitask in a fast-paced, high-pressure environment.
- Experience with performing eDiscovery collections
We engineer faster, smarter, leaner supply chains.