Sr. Security Incident Response Engineer

Job Locations US-IL-Chicago
Job ID
2022-3906
# of Openings
1
Category
Information Security
Level
Mid Senior Level

Overview

Are you someone who enjoys thriving in an exciting and fast paced environment where innovation, building secure solutions, being part of something bigger, and seeing your results come alive are all rewarded? If so, Blue Cross Blue Shield Association (BCBSA) Information Security may be the right fit for you.
The Cyber Defense Team is BCBSA’s first line of defense against attackers. We are passionate security professionals responsible for defending the privacy and security of the data entrusted to us by our members. We are responsible for handling all malicious activity on BCBSA’s networks. The Senior Security Incident Response Engineer will lead BCBSA’s security monitoring, threat hunting, incident response, and forensics activities. This role will lead the IR team in leveraging intuition, general security knowledge, and an array of tools to uncover and respond to malicious activity. Responsibilities include:

  • Ownership of the maturity roadmap for the Incident Response program, with the goal of lowering mean time to detect and respond to incidents.
  • Lead the internal threat hunting program.
  • Operate as the team’s DFIR technical leader: the technical escalation point for incidents, mentoring junior staff, and training team members.
  • Continually evaluate and enhance the incident response processes used to triage security events, and track their effectiveness.
  • Evaluate malicious activity on BCBSA network assets and mitigate threats using a variety of digital forensic and incident response tools, processes, and techniques.
  • Follow proper evidence collection and chain-of-custody practices, including completion of the relevant documentation.
  • Design and build tooling to support maturing capabilities, reporting, and metrics.
  • Develop and continually improve our incident response playbooks to ensure we analyze and respond to security alerts efficiently and effectively.
  • Monitor for and respond to alerts, performing forensic investigation and leading junior staff through the lifecycle of an incident.
  • Manage the execution of tabletop exercises.
  • Maintain current knowledge of the vulnerability and threat landscapes.
  • Participate in the Incident Response on-call rotation.

Responsibilities

Responsibilities include but are not limited to:
  • Technical lead and escalation point for cyber security related incidents in the corporate environment.
  • Provide oversight to the identification, containment and remediation of a security incident.
  • Execute formalized processes and build a technology stack to establish an advanced threat detection capability. This includes providing technical direction to SOC operations and internal staff to mature the threat detection toolset and processes.
  • Improve incident response and threat detection processes and procedures.
  • Design, build, and lead the threat hunting program. Maintain ownership of the operating performance of the program, which will be delivered by junior staff.
  • Perform forensics and malware reverse engineering activities.
  • Mentoring and team building.

Qualifications

Required Basic Qualifications:
  • BS degree in Computer Science, MIS, Computer Engineering, or equivalent work experience
  • 8 years of experience
  • Industry certification such as GCIH, GCFA, GCFE, GREM, or similar
  • Experience in incident response, digital forensics, malware behavioral analysis and reversing, threat detection and security monitoring, application security, network security, or security-focused systems engineering
  • 2 years of experience investigating network and operating system artifacts, including pcap, logs, memory, file systems, etc.
  • 1 year of scripting or programming experience in Python, Golang, PowerShell, Bash, Java, C/C++, Perl, or other languages
  • 1 year of experience handling incident escalations and acting as an incident leader guiding more junior staff, or serving as Tier 2+ in a SOC hierarchy model
  • 1 year of experience performing dynamic or static analysis of malware using commercial and open source tooling such as IDA Pro, WinDbg, OllyDbg, Ghidra, etc.
  • Demonstrated experience with core technical domains such as operating systems (UNIX, Linux, Windows, and macOS), databases, and networking
  • Experience automating incident response activities, including triage file collection and investigation, compromise containment, and malware analysis
  • Expert-level experience in Windows operating system forensics
  • Experience using forensics tools such as EnCase, FTK, SIFT, SleuthKit, Volatility, etc.
  • Experience working with Splunk or other SIEM/threat detection platforms
  • Experience with leading Endpoint Detection and Response tools such as Endgame, Carbon Black, CrowdStrike, etc.
  • Experience performing incident response in cloud-native environments
  • Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Deep knowledge of common Enterprise IT architecture and services
  • Ability to think and communicate clearly and effectively during a security event
  • Comfortable communicating security concepts and incident reports to senior leadership

Equal Opportunity Employer

Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information, or any other legally protected characteristics.