Listing Description
What you’ll do:
Primary duty is responding to security events and incidents
Incident Response activities will include, but are not limited to, triaging security events, network and endpoint forensic analysis, malware reverse engineering, threat hunting, vulnerability escalation, and resolving security incidents from detection to remediation
Create and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research
Engage with partners in engineering, IT, and operations to respond to and remediate events
Secondary duty is assisting with the build-out of a Cyber Threat Intelligence capability
Mine open data sources to identify potential cyber threats, targets of interest, and timeframes for attack
Identify, profile, and track threat actors that may be targeting our environment
Carry out threat hunting campaigns and missions, and coordinate and execute purple teaming exercises
What’s great about the role:
Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe
Solving frontier security problems at scale in a highly technology-focused team
Spending zero minutes convincing anyone why security is important - we all understand that very well already!
What we are looking for:
5+ years of experience working in cyber security operations (CSOC, SOC, CIRT, CSIRT) in enterprise environments
Strong knowledge of the following tool categories: Network Intrusion Detection Systems (NIDS), Endpoint Detection & Response (EDR), Security Information & Event Management (SIEM)
Experience with Network Security Monitoring (NSM) methodologies and Ethical Hacking or Red Team engagements
Experience with Cyber Kill Chain framework and Diamond Model for intrusion analysis
Experience with MITRE ATT&CK Framework
Experience with host-centric tools for forensic collection and analysis (SleuthKit, Volatility Framework, FTK, Encase, etc.)
Network Forensics and/or Network Security Monitoring (NSM) tools (Snort, Bro-IDS, PCAP, tcpdump, etc.) and analysis techniques (alert, flow/session and PCAP analysis)
Vulnerability scanners such as Qualys, Nessus, Metasploit, Rapid7, etc.
Experience with languages such as Python, Java, Scala, PowerShell, Bash, etc., and also with SaaS, PaaS, IaaS, public and private cloud technologies such as AWS or GCP, and containerization technology such as Docker and Kubernetes
Credit Karma is committed to a diverse and inclusive work environment. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with an eye single to fostering an inclusive environment that recognizes the contributions of all. We’ve worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.
Credit Karma is also proud to be an Equal Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or expression, marital status, national origin, disability, genetic information, status as a protected veteran, or any other protected characteristic. We prohibit discrimination of any kind and will also consider qualified applicants with arrest and conviction records in a manner consistent with applicable federal, state, and local law. Our people are everything, our core values are real, and our guiding mission is strong. Join us!
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute