Be an early applicantLess than 25 applicants

Company

UNFI · 11 hours ago

Sr. Cybersecurity Engineer-Remote

United States

Full-time

Remote

Senior Level

$120K/yr - $170K/yr

6+ years exp

Maximize your interview chances

Food and BeverageSupply Chain Management

No H1B

Security Clearance Required

Insider Connection @UNFI

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Performs incident response for multiple varieties of security alerts for hardware, software, networks, web applications, cloud services, databases, directory services, and infrastructure.

Evaluates technologies such as SIEM, SOAR, EDR, and Threat Intelligence as well as Managed Detection and Response, ASOC, MSSP.

Evaluates new threat and anomaly detection sources and determine value, relevance, and integration with IR processes, especially Cloud technologies such as AWS Guard Duty/CloudTrail/Detective, Azure Security, GCP Security, Wiz CSPM and Cloud Detection and Response.

Assesses threats to UNFI (Threat Intel, Zero-Days, Vulnerabilities, Threat Actors, Malware) and determine risk, coverage of controls, and create new detection/prevention content using SIEM, EDR, IPS/IDS capabilities. Determine need. Test detection and response capabilities.

Research attempted or successful efforts to compromise systems security and designs countermeasures.

Designs and collaborates on development of SOAR application runbooks, incident templates, dashboards, reports, jobs, etc.

Creates security threat assessments using Kill Chain and MITRE ATT&CK methodologies and familiarity with principles of active defense.

Performs forensic investigations as needed and approved in support of Cyber security, HR, and Legal department needs.

Responds and investigates potential security incidents when reported, escalated, assigned, or witnessed via any of several sources.

Identifies intel sources, both open source and otherwise, and partners with the Threat Intelligence Analyst to integrate into IR assessments, monitoring, and response processes.

Completes analysis of threat actors which may pose a risk to the organization / industry, and preparation and dissemination of risk profiles and threat assessments.

Completes monitoring, assessment, and escalation of new 0-day threats and critical vulnerabilities.

Participates in system and network security audits to identify security weaknesses and vulnerabilities and reports to management.

Leverages security applications, such as SIEM, IDS, EDR, and vulnerability management solutions for analysis and investigation.

Serves as a member of the security incident response team.

Compiles and analyzes data for management reporting and metrics as directed.

Conducts root cause analysis and communicates outcomes in a clear and consistent manner.

Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.

Demonstrates expert-level knowledge and skills in the technical, process, organizational, and philosophical aspects of information technology, information security, and information risk management disciplines.

Participates in periodic review of penetration testing requirements, assessments, and remediation of critical findings.

Performs other duties as assigned.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Incident ResponseForensicsCloud SecuritySIEMEDRThreat IntelligenceVulnerability ManagementPenetration TestingMalware AnalysisNetwork DetectionScriptingMITRE ATT&CKGCIH CertificationGCFE CertificationGCTD CertificationGCPN CertificationECND CertificationCIH CertificationCISSP CertificationCompTIA Security+ CertificationAWS Guard DutyAzure SecurityGCP SecurityWiz CSPMTCPUDPICMPFTPPython

Required

BA/BS in Computer or Cybersecurity domain

At least 1 industry leading or senior level cybersecurity certification, for example: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (or Analyst) (GCFE/A), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Penetration Tester (GCPN), EC-Council Certified Network Defender (E|CND), EC-Council Certified Incident Handler (E|CIH)

CISSP and/or CompTIA Security+ certification

6 -10 years of hands-on cybersecurity experience within IT environments including forensics and incident response, detection engineering and operations, endpoint detection and response, network detection and response, enterprise forensics, vulnerability management, penetration testing, malware analysis, and/or security engineering.

3+ years of experience in network, server, or systems administration including scripting/coding.

2+ years of experience in Cloud technologies (DevOps, architecture, defense, IR, or forensics).

2+ years of experience in application development in a large, highly diverse, and distributed environment.

Expertise in Incident Response and Forensics involving Cloud (AWS Guard Duty, Cloud Trail, Detective, GCP Security, Azure Defender, Wiz Threat Detection and Cloud Detection and Response/Incident Response).

Expertise with Multiple SIEMs, EDRs, and NDR’s including Rapid7 InsightIDR, Google Chronical or Sec Ops, Splunk, SentinelOne, CrowdStrike, MS Defender, or MS Sentinel.

Expertise in IPS and IDS technologies and detection engineering (Cisco FTD, SNORT, Suricata).

Detection Content Engineering using SIEM and EDR query languages.

Knowledge of development of Yara rules for malware detection and hunting.

Knowledge of development of Sigma rules based on security testing, MITRE ATT&CK, testing and red teaming.

Knowledge of, and experience with MITRE ATT&CK TTPs, Cyber Kill Chain methodologies, DeTT&CT.

Experience with technologies and processes including: SIEM, EDR, VM, AV, SOAR, Firewall, IDS/IPS, Web Proxy, packet capture and analysis, forensic imaging and analysis, memory analysis.

Knowledge and experience with Common Internet Protocols: TCP, UDP, ICMP, FTP, etc.

Ability to employ OSINT techniques to understand attack vectors.

Understanding of evasion techniques for common security tools.

Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors.

Knowledge of web application and cloud infrastructure best practices and understanding of how to detect exploitation of misconfigurations and vulnerabilities.

Knowledge of network access, identity, and access management, including public key infrastructure and understanding of how to detect exploitation of misconfigurations and vulnerabilities.

Ability to translate technical findings into actionable insights.

Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team’s knowledge sharing.

Strong independent direction and ability to multi-task.

Flexible and adaptable to learning and understanding new technologies.

Strong written, verbal, and interpersonal communication skills.

Ability to work extremely well under pressure while maintaining a professional image and approach.

Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants.

Exceptional information analysis abilities: ability to perform independent analysis and distill relevant findings and root cause.

Comfortable discussing complex findings and issues with variety of audiences, including C-suite level.

Self-driven and able to reach deadlines on-time with minimal direction.

Good judgment is required for this position as there may be times when direct supervision may not be immediately available.