Principal Threat Engineer Job in Ingram Micro

Job Description

Key Responsibilities

• Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
• Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
• Investigate incidents leveraging forensics tools including Encase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine source of compromises and malicious activity that occurred.
• Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
• Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
• Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
• Work closely with other members of the Information Security team to lead changes in the company's defense posture.
• Maintaining proper chain of custody of evidence and associated documentation
• Testifying in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.

Skills & Experience

• 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
• 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
• 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent)
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Experience with cloud services.
• Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
• Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
• Deep understanding of internals and constructs of modern operating systems.
• Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, WireShark, TCPDump, and open source forensic tools.
• Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
• Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).

Job Qualifications and Educational Requirements

• Bachelors degree from an accredited University or equivalent work experience
• Work Experience: 10+ years; 5+ directly related to role
• Pass a proficiency exam related to the role