Listing Description
Are you passionate about information security?
Do you enjoy solving puzzles, addressing complex problems, working in a fast-paced environment, and guiding others in the finer points of cybersecurity incident response?
If so, we’d love to hear from you!
Zions Bancorporation is seeking a motivated, collaborative, experienced Incident Response Engineer to join our team of dedicated cybersecurity operations professionals! The Zions Cybersecurity Operations Center (CSOC) is responsible for primary cybersecurity incident response, forensics, and cyber resiliency. We work with the latest tools and methods, as well as partners across the rest of the security division, IT, and the cybersecurity industry, but we also know how to roll up our sleeves with some old-fashioned detective work when needed.
Your Responsibilities:
-Act as senior, key contributor to the CSOC strategy and technical approach to cybersecurity incident response, including tool/vendor selection and process optimization
-Respond to cybersecurity incidents, especially as an escalation point for high-priority or highly complex incidents
-Act as subject matter expert in multiple security tools and processes such as SIEM, IDS, EDR, DLP, and similar
-Develop and implement monitoring use cases, incident response procedures, playbooks and other technical documentation
-Collaborate with Cybersecurity Architecture and IT in monitoring and alerting infrastructure, processes and tools
-Train, mentor and guide other team members (across both the CSOC and other Information Security departments) on incident response practices, tooling and capabilities
Qualifications:
-6+ years of progressive technical experience in one or more technical cybersecurity domains, with at least 2+ years of that time in an incident response role
-Hands-on technical experience with one or more commercial SIEM products such as Splunk Enterprise Security, QRadar, LogRhythm, ArcSight, NetWitness, etc., which should include familiarity with defining and writing alert conditions/use cases in addition to daily use for investigating incidents
-Very strong interpersonal and written communication skills, including the ability to produce technical documentation, standard operating procedures, and incident response playbooks
-Deep technical familiarity with networking concepts, architectures and tools, including network traffic analysis, proxies, functionality of network switches, load balancers, routers and firewalls
-Advanced working knowledge of common attack vectors, different classes of attacks (e.g., passive, active, insider, close-in, distributed, etc.) and general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
-Advanced knowledge of system administration concepts for UNIX/Linux and Windows operating systems
-Development experience with scripting languages such as R, HIVE, Python, JavaScript, etc., is a plus
-Experience with threat hunting methods and approaches is a plus
-Technical certifications such as GNFA, CISSP are a plus
-Requires a Bachelor's in Information Technology, Computer Science, Business or a related technical field. A combination of education and experience may meet qualifications.
*Remote work optional
Listing Details
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: Optional Telecommute