Job Overview:

The Senior Cybersecurity Engineer is responsible for performing incident response investigations, security technology evaluations and decision making, SOAR utilization, and will drive continuous improvement of the UNFI Cybersecurity Digital Forensics and Incident Response (DFIR) program. The role is responsible for identification and resolution of cybersecurity opportunities and issues within the UNFI environment. The role functions as part of the cybersecurity operations team and collaborates cross functionally with the Threat Intelligence, Offensive Security, Governance Risk and Compliance, and Security Architecture and Engineering teams. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.

Job Responsibilities:

•        Performs incident response for multiple varieties of security alerts for hardware, software, networks, web applications, cloud services, databases, directory services, and infrastructure.
•        Evaluates technologies such as SIEM, SOAR, EDR, and Threat Intelligence as well as Managed Detection and Response, ASOC, MSSP.
•        Evaluates new threat and anomaly detection sources and determine value, relevance, and integration with IR processes, especially Cloud technologies such as AWS Guard Duty/CloudTrail/Detective, Azure Security, GCP Security, Wiz CSPM and Cloud Detection and Response.
•        Assesses threats to UNFI (Threat Intel, Zero-Days, Vulnerabilities, Threat Actors, Malware) and determine risk, coverage of controls, and create new detection/prevention content using SIEM, EDR, IPS/IDS capabilities. Determine need. Test detection and response capabilities.
•        Research attempted or successful efforts to compromise systems security and designs countermeasures.
•        Designs and collaborates on development of SOAR application runbooks, incident templates, dashboards, reports, jobs, etc.
•        Creates security threat assessments using Kill Chain and MITRE ATT&CK methodologies and familiarity with principles of active defense.
•        Performs forensic investigations as needed and approved in support of Cyber security, HR, and Legal department needs.
•        Responds and investigates potential security incidents when reported, escalated, assigned, or witnessed via any of several sources.
•        Identifies intel sources, both open source and otherwise, and partners with the Threat Intelligence Analyst to integrate into IR assessments, monitoring, and response processes.
•        Completes analysis of threat actors which may pose a risk to the organization / industry, and preparation and dissemination of risk profiles and threat assessments.
•        Completes monitoring, assessment, and escalation of new 0-day threats and critical vulnerabilities.
•        Participates in system and network security audits to identify security weaknesses and vulnerabilities and reports to management.
•        Leverages security applications, such as SIEM, IDS, EDR, and vulnerability management solutions for analysis and investigation.
•        Serves as a member of the security incident response team.
•        Compiles and analyzes data for management reporting and metrics as directed.
•        Conducts root cause analysis and communicates outcomes in a clear and consistent manner.
•        Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
•        Demonstrates expert-level knowledge and skills in the technical, process, organizational, and philosophical aspects of information technology, information security, and information risk management disciplines.
•        Participates in periodic review of penetration testing requirements, assessments, and remediation of critical findings.
•        Performs other duties as assigned.

Job Requirements:

Education/Certification:

•        BA/BS in Computer or Cybersecurity domain.
•        At least 1 industry leading or senior level cybersecurity certification, for example: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (or Analyst) (GCFE/A), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Penetration Tester (GCPN), EC-Council Certified Network Defender (E|CND), EC-Council Certified Incident Handler (E|CIH).
•        CISSP and/or CompTIA Security+ certification.
  

Experience:

•        6 -10 years of hands-on cybersecurity experience within IT environments including forensics and incident response, detection engineering and operations, endpoint detection and response, network detection and response, enterprise forensics, vulnerability management, penetration testing, malware analysis, and/or security engineering.
•        3+ years of experience in network, server, or systems administration including scripting/coding.
•        2+ years of experience in Cloud technologies (DevOps, architecture, defense, IR, or forensics).
•        2+ years of experience in application development in a large, highly diverse, and distributed environment.

Knowledge/Skills/Abilities:

•        Expertise in Incident Response and Forensics involving Cloud (AWS Guard Duty, Cloud Trail, Detective, GCP Security, Azure Defender, Wiz Threat Detection and Cloud Detection and Response/Incident Response).
•        Expertise with Multiple SIEMs, EDRs, and NDR’s including Rapid7 InsightIDR, Google Chronical or Sec Ops, Splunk, SentinelOne, CrowdStrike, MS Defender, or MS Sentinel.
•        Expertise in IPS and IDS technologies and detection engineering (Cisco FTD, SNORT, Suricata).
•        Detection Content Engineering using SIEM and EDR query languages.
•        Knowledge of development of Yara rules for malware detection and hunting.
•        Knowledge of development of Sigma rules based on security testing, MITRE ATT&CK, testing and red teaming.
•        Knowledge of, and experience with MITRE ATT&CK TTPs, Cyber Kill Chain methodologies, DeTT&CT.
•        Experience with technologies and processes including: SIEM, EDR, VM, AV, SOAR, Firewall, IDS/IPS, Web Proxy, packet capture and analysis, forensic imaging and analysis, memory analysis.
•        Knowledge and experience with Common Internet Protocols: TCP, UDP, ICMP, FTP, etc.
•        Scripting experience (python, PowerShell, etc.) preferred.
•        Security testing with ATTOMIC RED TEAM, and penetration testing knowledge and experiences is preferred.
•        Knowledge of malware testing and reverse engineering.
•        Understanding of basic penetration testing with the following tools and concepts: various C2s, Burp Suite, Nmap, Wireshark, Bloodhound.
•        Ability to employ OSINT techniques to understand attack vectors.
•        Understanding of evasion techniques for common security tools.
•        Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors.
•        Knowledge of web application and cloud infrastructure best practices and understanding of how to detect exploitation of misconfigurations and vulnerabilities.
•        Knowledge of network access, identity, and access management, including public key infrastructure and understanding of how to detect exploitation of misconfigurations and vulnerabilities.
•        Ability to translate technical findings into actionable insights.
•        Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team’s knowledge sharing.
•        Strong independent direction and ability to multi-task.
•        Flexible and adaptable to learning and understanding new technologies.
•        Strong written, verbal, and interpersonal communication skills.
•        Ability to work extremely well under pressure while maintaining a professional image and approach.
•        Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants.
•        Exceptional information analysis abilities: ability to perform independent analysis and distill relevant findings and root cause.
•        Comfortable discussing complex findings and issues with variety of audiences, including C-suite level.
•        Self-driven and able to reach deadlines on-time with minimal direction.
•        Good judgment is required for this position as there may be times when direct supervision may not be immediately available.

The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties, and skills required of personnel so classified may vary within each department and/or location.

Work Environment:
Remote Role:
· This position is classified as remote where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.

Additional Information

•        Schedule: Full-time

#LI-Remote