Jobs at Redbud Cyber Security Recruiting

View all jobs

Incident Response Threat Engineer

Issaquah, WA
Location: Issaquah, WA.

Description of Position:
The role of every Information Security team member is to support the overarching values and business goals as they relate to meeting legal, ethical and regulatory obligations; protecting member’s and employee’s privacy; and maintaining a security technology environment for our operations. The Incident Response Threat Intelligence Engineer provides threat information to help identify threat actors and methods; to enable IT solutions to build effective controls against these threats; provide situation awareness to incident response; run threat assessments for high risk events (zero-days); support proactive incident hunting; advises on matters related to policies, standards and procedures; and mentors team members with lesser subject matter expertise. The Incident Response Threat Engineer develops, leads and monitors the Threat Intelligence Program.
 
Tasks and Responsibilities:
  • Identifies and assesses internal and external cybersecurity risks that threaten the security of business operations.
  • Develops and formalizes effective threat identification and assessment processes, including maintaining playbooks for obtaining, monitoring, assessing, classifying severity, and responding to evolving threats and vulnerabilities.
  • Develops, maintains, and updates a repository of cybersecurity threat information that may be used in conducting risk assessments and report on cyber risk trends.
  • Conducts research and evaluate intelligence data, with specific emphasis on tactics, techniques, and procedures.
  • Turns threat information into actionable intelligence by integrating related Indicators of Compromise (IOC) into SIEM operations and incident response strategies.
  • Correlates threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in or posing potential threats.
  • Develops and documents Threat Intelligence procedures into Playbooks.
  • Ensures that Threat Intelligence documentation is comprehensive and accurate including completes all relevant fields in case tracking database.
  • Reports security performance against established security metrics.
  • Works closely with various international Information Technology teams, state agencies and 3rd party vendors to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.
  • Coordinates activities or engagements with loss prevention, 3rd party security retainers, interact with legal and law enforcement as required.
  • Monitors Operation, Intelligence Analyst and Hunt Teams work queues and metrics. Requests and releases team members to different roles as needed.
  • Identifies, develops, and implements mechanisms to detect security incidents and report on key metrics.
  • Identifies and improves security incident detection and monitoring capabilities.
  • Provides management and the IR team with a contextual snapshot of the Incident Response team challenges for multiple uses by the team and management.
  • Participates in the assessment, analysis and design of solutions for the Threat Intelligence Program.
  • Identifies gaps and recommends changes to the Incident Response Plan.
  • Subject matter expertise and provide leadership to develop the Threat Intelligence Program.
  • Provides mentoring and training on tools and processes to the Threat Intelligence Team and partners.
  • Regular and reliable workplace attendance at your assigned location.
Required Skills, Abilities, and Certifications:
  • A Bachelor’s degree in Computer Science or a minimum of 10 years of information security experience with a focus on threat intelligence.
  • High degree of ethics/confidentiality required.  May be required to pass security screening.
  • Ability to provide accurate analysis that minimizes bias and error.
  • Ability to develop processes and tools to effectively share actionable intelligence information.
  • Rule correlation evaluation and development experience highly recommended but not required.
  • Ability to work effectively, independent of assistance or supervision.
  • Ability to work under pressure in a highly team focused environment is required.
  • Innovative, creative, and extremely responsive, with a strong sense of urgency.
  • Willing to share knowledge and assist others in understanding technical and business topics.
  • Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.
Recommended:
  • One or more professional security certifications such as CISSP (or equivalent).
  • Experience with scripting languages such as Python.
  • Familiarity with link analysis and data mining tools like Maltego.
  • Successful internal candidates will have spent one year or more on their current team.
Share This Job
Powered by