Sr. Cybersecurity Engineer-Remote
Détails de l’offre d’emploi
- Réf. de l’offre d’emploi:
- 167306
- Lieux:
- Providence, RI 02908
- Flexibilité géographique:
- À distance
- Catégorie:
- IT
- Type d’emploi:
- Temps plein
- Statut de l’emploi :
- Exempt
- Date de clôture prévue:
- 29 janvier 2025
- Base de rémunération
- Yearly
- Échelle salariale
- $100200.00 - $193400.00 Annually ($48.17 - $92.98 Hourly)
- Marque
- UNFI
Job Overview:
The Senior Cybersecurity Engineer is responsible for performing incident response investigations, security technology evaluations and decision making, SOAR utilization, and will drive continuous improvement of the UNFI Cybersecurity Digital Forensics and Incident Response (DFIR) program. The role is responsible for identification and resolution of cybersecurity opportunities and issues within the UNFI environment. The role functions as part of the cybersecurity operations team and collaborates cross functionally with the Threat Intelligence, Offensive Security, Governance Risk and Compliance, and Security Architecture and Engineering teams. The role is expected to independently lead engagements from conception to completion, communicate technical details to partners and senior leadership, mentor junior staff, and provide technical direction to the program.
Job Responsibilities:
- Performs incident response for multiple varieties of security alerts for hardware, software, networks, web applications, cloud services, databases, directory services, and infrastructure.
- Evaluates technologies such as SIEM, SOAR, EDR, and Threat Intelligence as well as Managed Detection and Response, ASOC, MSSP.
- Evaluates new threat and anomaly detection sources and determine value, relevance, and integration with IR processes, especially Cloud technologies such as AWS Guard Duty/CloudTrail/Detective, Azure Security, GCP Security, Wiz CSPM and Cloud Detection and Response.
- Assesses threats to UNFI (Threat Intel, Zero-Days, Vulnerabilities, Threat Actors, Malware) and determine risk, coverage of controls, and create new detection/prevention content using SIEM, EDR, IPS/IDS capabilities. Determine need. Test detection and response capabilities.
- Research attempted or successful efforts to compromise systems security and designs countermeasures.
- Designs and collaborates on development of SOAR application runbooks, incident templates, dashboards, reports, jobs, etc.
- Creates security threat assessments using Kill Chain and MITRE ATT&CK methodologies and familiarity with principles of active defense.
- Performs forensic investigations as needed and approved in support of Cyber security, HR, and Legal department needs.
- Responds and investigates potential security incidents when reported, escalated, assigned, or witnessed via any of several sources.
- Identifies intel sources, both open source and otherwise, and partners with the Threat Intelligence Analyst to integrate into IR assessments, monitoring, and response processes.
- Completes analysis of threat actors which may pose a risk to the organization / industry, and preparation and dissemination of risk profiles and threat assessments.
- Completes monitoring, assessment, and escalation of new 0-day threats and critical vulnerabilities.
- Participates in system and network security audits to identify security weaknesses and vulnerabilities and reports to management.
- Leverages security applications, such as SIEM, IDS, EDR, and vulnerability management solutions for analysis and investigation.
- Serves as a member of the security incident response team.
- Compiles and analyzes data for management reporting and metrics as directed.
- Conducts root cause analysis and communicates outcomes in a clear and consistent manner.
- Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
- Demonstrates expert-level knowledge and skills in the technical, process, organizational, and philosophical aspects of information technology, information security, and information risk management disciplines.
- Participates in periodic review of penetration testing requirements, assessments, and remediation of critical findings.
- Performs other duties as assigned.
Job Requirements:
Education/Certification:
- BA/BS in Computer or Cybersecurity domain.
- At least 1 industry leading or senior level cybersecurity certification, for example: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (or Analyst) (GCFE/A), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Penetration Tester (GCPN), EC-Council Certified Network Defender (E|CND), EC-Council Certified Incident Handler (E|CIH).
- CISSP and/or CompTIA Security+ certification.
Experience:
- 6 -10 years of hands-on cybersecurity experience within IT environments including forensics and incident response, detection engineering and operations, endpoint detection and response, network detection and response, enterprise forensics, vulnerability management, penetration testing, malware analysis, and/or security engineering.
- 3+ years of experience in network, server, or systems administration including scripting/coding.
- 2+ years of experience in Cloud technologies (DevOps, architecture, defense, IR, or forensics).
- 2+ years of experience in application development in a large, highly diverse, and distributed environment.
Knowledge/Skills/Abilities:
- Expertise in Incident Response and Forensics involving Cloud (AWS Guard Duty, Cloud Trail, Detective, GCP Security, Azure Defender, Wiz Threat Detection and Cloud Detection and Response/Incident Response).
- Expertise with Multiple SIEMs, EDRs, and NDR’s including Rapid7 InsightIDR, Google Chronical or Sec Ops, Splunk, SentinelOne, CrowdStrike, MS Defender, or MS Sentinel.
- Expertise in IPS and IDS technologies and detection engineering (Cisco FTD, SNORT, Suricata).
- Detection Content Engineering using SIEM and EDR query languages.
- Knowledge of development of Yara rules for malware detection and hunting.
- Knowledge of development of Sigma rules based on security testing, MITRE ATT&CK, testing and red teaming.
- Knowledge of, and experience with MITRE ATT&CK TTPs, Cyber Kill Chain methodologies, DeTT&CT.
- Experience with technologies and processes including: SIEM, EDR, VM, AV, SOAR, Firewall, IDS/IPS, Web Proxy, packet capture and analysis, forensic imaging and analysis, memory analysis.
- Knowledge and experience with Common Internet Protocols: TCP, UDP, ICMP, FTP, etc.
- Scripting experience (python, PowerShell, etc.) preferred.
- Security testing with ATTOMIC RED TEAM, and penetration testing knowledge and experiences is preferred.
- Knowledge of malware testing and reverse engineering.
- Understanding of basic penetration testing with the following tools and concepts: various C2s, Burp Suite, Nmap, Wireshark, Bloodhound.
- Ability to employ OSINT techniques to understand attack vectors.
- Understanding of evasion techniques for common security tools.
- Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors.
- Knowledge of web application and cloud infrastructure best practices and understanding of how to detect exploitation of misconfigurations and vulnerabilities.
- Knowledge of network access, identity, and access management, including public key infrastructure and understanding of how to detect exploitation of misconfigurations and vulnerabilities.
- Ability to translate technical findings into actionable insights.
- Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team’s knowledge sharing.
- Strong independent direction and ability to multi-task.
- Flexible and adaptable to learning and understanding new technologies.
- Strong written, verbal, and interpersonal communication skills.
- Ability to work extremely well under pressure while maintaining a professional image and approach.
- Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants.
- Exceptional information analysis abilities: ability to perform independent analysis and distill relevant findings and root cause.
- Comfortable discussing complex findings and issues with variety of audiences, including C-suite level.
- Self-driven and able to reach deadlines on-time with minimal direction.
- Good judgment is required for this position as there may be times when direct supervision may not be immediately available.
The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties, and skills required of personnel so classified may vary within each department and/or location.
Work Environment:
Remote Role:
· This position is classified as remote where the associate will perform remote work from their primary residence. Remote associates are welcome to work from the office but are not required to do so. While remote associates are not required to work from an office on a regular basis, they may be required to come to the office or other UNFI locations for necessary business reasons or if directed to do so by their manager.
All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.
Additional Information
- Schedule: Full-time
#LI-Remote
- Société:
- United Natural Foods Inc.
Rémunération:
UNFI prévoit de payer le taux de rémunération mentionné ci-dessus (ou dans la fourchette de rémunération mentionnée ci-dessus) pour ce poste. La rémunération réelle, le cas échéant, dépendra d’un certain nombre de facteurs, y compris, mais sans s’y limiter, l’éducation, l’expérience, la formation et toute exigence en vertu des conventions collectives applicables. UNFI s’engage à faire preuve de transparence en matière de paie, conformément aux lois nationales et locales en vigueur.
Avantages:
Pour les postes à Washington (ou les postes pouvant être exercés à distance depuis Washington), cliquez ICI pour connaître les détails concernant les congés payés de l’État de Washington.
Les candidats embauchés pour ce poste seront également admissibles aux programmes d’avantages suivants : congé payé ; congé de maladie ; vacances et congé parental ; programme 401K ; assurance médicale, soins dentaires, soins de la vue, assurance vie et assurance décès/démembrement accidentel ; programme d’assurance invalidité à court et à long terme, allocation de dépenses flexible et/ou compte d’épargne santé, sous réserve de satisfaire aux conditions d’admissibilité et aux modalités de ces programmes, et sous réserve de toute exigence en vertu des conventions collectives applicables.
Emplois dans le domaine de la vente uniquement : Pour les postes de vente rémunérés à la commission, la fourchette ci-dessus est une estimation de la rémunération totale potentielle à la commission au cours de la première année de l’employé, mais UNFI offre une période d’introduction d’un montant minimum de 680 $ par semaine. Après la période d’introduction, comme il s’agit d’un poste basé à 100 % sur les commissions, il n’y a pas de salaire fixe. Les plans de commission de UNFI ne sont pas plafonnés et les revenus moyens varient en fonction du territoire et des ventes réalisées, ainsi que d’autres facteurs.
Les politiques de UNFI en matière de rémunération, de prestations ou avantages sociaux et de congés payés sont susceptibles d’être modifiées à la seule discrétion de la société, dans le respect de la législation en vigueur. Cette offre d’emploi ne doit pas être interprétée comme une offre d’emploi comprenant certaines modalités ni comme une garantie de revenu minimum.
En savoir plus sur nos marques:
Featured Jobs
Supply Chain Analyst I
Rocklin, CAPurpose : The Supply Chain Analyst will provide analysis and support for driving change initiatives in the Supply Chain. The position will assist in the preparation of various financial activities including data gathering, trending, modeling, forecasting, planning, and reporting. Collects information from various areas across the company to assist …
Part Time Cashier
Minneapolis, MNCub Uptown on Lagoon Avenue is looking for a dedicated individual to fill a part time cashier position! Cashiers at Cub follows front end checkout procedures in all transactions, maintaining positive customer relations, and expedient processing of all orders. This position requires on-going customer interaction, providing prompt, courteous and accurate …
Warehouse Sanitation
Quincy, FLJoin our team and immediately become part of the largest distributor of conventional, natural, organic and specialty products in the United States and Canada. We serve over 43,000 customer locations with 200,000 different products. Our Warehouse associates supply thousands of consumers with better for your food that nourishes families nationwide. …