
Cybersecurity Incident Response Engineer, Threat Hunter and Forensic Analyst

Company not shown
Brazil
Finance/Accounting, English, Portuguese, Spanish

Job Description:

With over 18,000 employees worldwide, the (COMPANY NAME) Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of (COMPANY NAME)'s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The (COMPANY NAME) Detection and Response Team (DART) is looking for a Cybersecurity Incident Response Engineer, Threat Hunter and Forensic Analyst to join their collaborative team. This is a vital individual contributor role on the DART team, taking the lead in threat hunting and forensics in the delivery of cybersecurity investigations for our customers. You will work in a fast-paced, intellectually intense, service-oriented environment where collaboration and speed are key to our investigations.

This is a global position. The role is flexible in that you can work up to 100% from home; however, short-notice travel to work onsite alongside customers will likely be 40% or higher, as demanded by the needs of our customers and business. This position may require you to work a rotational on-call schedule, including evening, weekend or holiday shifts. Though schedule changes are not frequent, you will need the flexibility to accommodate changes as needed.

(COMPANY NAME)'s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Technical-Oriented
* Utilizes engineering tools, customer telemetry and/or direct customer input to identify and flag the defects/signals in the product or product misuse, or an issue with the customer. Tracks customer incidents and with minimal oversight, engages with customers and partners to understand the issue, inform them about the active cases, and communicate progress and next steps to customers. With minimal guidance, contributes to or investigates and troubleshoots the issues using diagnostics
* Gathers feedback from the customers and partners to learn ways in which customers and partners use the service and identify feature and knowledge gaps, misconfigurations, metrics, and key performance indicators (KPIs) in the current product. With minimal guidance, implements new features/tools to improve products. Helps customers and partners stay current with best practices by sharing content via multiple forums. Identifies content improvement or troubleshooting guides. Helps implement automation of complex solutions for the team.
* Identifies and leverages potential developmental opportunities across product areas and business processes (e.g., mentorships, shadowing, trainings) for professional growth and to develop and execute on technical intensity/skilling to resolve customer issues.

Customer Solution Lifecycle Management
* Conducts health checks to ensure customer environment (e.g., product, service, feature) is optimized and configured for deployment. With minimal guidance, provides guidance to customers on understanding and implementing new versions, software updates, and releases of platforms within (COMPANY NAME). With minimal guidance, serves as a connecting point between the engineering team and customer representatives throughout the solution lifecycle. With minimal guidance, conducts feature reviews on new deployments to identify gaps. With managerial support, provides guidance to customers on designing configurations and deploying solutions on (COMPANY NAME) platforms. With minimal guidance, engages with customers to understand their business and availability needs to then help develop guidance to meet deployment needs.
* Serves as a connecting point and escalates specific customer issues to appropriate teams to resolve customer issues. Communicates progress and keeps stakeholders aligned with respect to escalations. With some supervision, handles escalations on customer issues from the support or field teams. Escalates issues to seniors or managers within the team, if more assistance is needed. With minimal oversight, conducts root-cause analysis of the issues and follows up with the customers.

Relationship/Experience Management
* Collaborates with the relevant product and business groups on how customers use the product. Understands and identifies gaps in customer scenarios and product limitations. Provides details to the product and business groups on customer product experience and usage. With minimal supervision, acts as a voice of customers (VOCs) to inform product and business groups on customer product experience and usage.
* With minimal guidance, partners with other teams (e.g., program managers, software engineers, product, customer service support [CSS] teams) to review, unblock, and resolve customer incidents/issues. Collaborates with internal partner teams to support delivery of solutions back to the customers. Informs stakeholders on customer progression including issues. Independently starts to build partnerships with internal technical teams to update the troubleshooting resources. With minimal guidance, works with the relevant product and business groups to resolve customer issues.

Other
* Embody our culture and values

Candidate Requirements:

Required/Minimum Qualifications
* Bachelor's Degree in Engineering, Computer Science, or related field AND 2+ years of software industry experience related to technology
* OR equivalent experience.
* Business level fluency to read, write and speak Portuguese and English.
Other Requirements
* Ability to meet (COMPANY NAME), customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: (COMPANY NAME) Cloud Background Check: This position will be required to pass the (COMPANY NAME) Cloud background check upon hire/transfer and every two years thereafter.
Additional or Preferred Qualifications
* Bachelor's Degree in Engineering, Computer Science, or related field AND 5+ years software industry experience related to technology
* OR equivalent experience.
* Business level fluency to read, write and speak Spanish.
* 1+ year(s) customer facing experience.
* Threat Hunting in reactive incident response scenarios to identify initial access, lateral movement, persistence mechanisms, staging and exfiltration, and impact, and proactive scenarios to identify opportunities to reduce unnecessary risk, improve overall maturity, or evidence of an undiscovered compromise.
* Threat hunting across networks, various cloud platforms and endpoints with indicators of compromise, hunting for evidence of a compromise.
* Identify attacker tools, tactics, and procedures to develop indicators of compromise.
* Identify and investigate intrusions to determine the cause and extent of the breach.
* Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations.
* In-depth knowledge of digital forensics in relation to the Windows operating system, including the ability to parse and interpret various artifacts accurately to provide historical context when performing an investigation. Equivalent knowledge in Linux, macOS, and memory captures also desirable.
* Experience conducting forensic investigations involving the collection and analysis of data from (COMPANY NAME) cloud products. Equivalent knowledge in third-party Cloud and identity providers also desirable.
* Experience acquiring both disk and memory images.
* In-depth knowledge of enriching investigations utilizing a SIEM solution.
* Experience analyzing data ingested from additional sources such as firewalls, VPNs, and third-party AV and EDR solutions.
* Programming/scripting and a database query language for manipulating data.
* Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
(COMPANY NAME) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with (COMPANY NAME) and the country where you work

Source: Company website
Posted on: 07 Dec 2023
Industry: Information Technology
Languages: English, Portuguese, Spanish