Paranoids Incident Response Engineer

Website Yahoo (Oath)

Dulles, VA

A Little About Us
When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Oath one of the safest places on the Internet.

We are the information security team at Oath, known as “The Paranoids”.

Specifically, we are the FIRE Team (Forensics, Incident Response and Engineering), similar in purpose to but not your typical Incident Response team. We perform FIRE operations to bring hosts and networks back from security emergencies. We hunt, monitor and boot adversaries from our networks using traditional, modern, and experimental techniques.

The FIRE team is made up of generalist security rockstars who often fit the description “jack of all trades, master of none.” The folks on our team can handle anything that comes our way whether that be with prior experience or the raw talent to simply figure it out on the fly. Oath has experts in every technology to lean on when we need support, but our team takes the lead for all incidents for all Oath properties and brands.

If you like being in a high-pressure, high-performing environment working with knowledgeable and motivated colleagues, we have an incredible team-oriented group of like-minded individuals for you to join.

Responsibilities:

  • Search our massive dataset for indicators of compromised hosts or accounts.
  • Detect and monitor attackers, identify their objectives, and kick’em out.
  • Provide remediation guidance for insecure systems.
  • Build, improve and test our detection capabilities to prepare for worst-case scenarios.
  • Identify automation opportunities, create requirements and determine if we should buy, outsource, or build a solution within The Paranoids.
  • Provide feedback for longer term projects based on emergency solutions.
  • Provide TTPs to other Paranoid teams to enhance their abilities.
  • Guide the collection of additional data to support our hunting and analysis.
  • Organize and participate in regular post-mortems to educate Paranoids and other business units.

Minimum Qualifications:

  • Proven communication skills and the ability to influence people and groups.
  • Ability to work within an on-call shift rotation.
  • 2+ years of combined experience in forensics, penetration testing, log analysis, network monitoring or other SOC-like operations.
  • BS or MS in Computer Science or Cyber Security; or equivalent experience.
  • Experience with large-scale data handling problems and techniques.
  • Training in Incident Handling: GIAC GCIH or GCIA or similar experience.

Preferred Qualifications:

  • Large-scale data analysis experience with Splunk, Hadoop, R, Python, or similar.
  • Programming experience in several of: Bash, Python, Perl, JavaScript, PHP.
  • Training in attacker techniques: OSCP, GWAPT, GPEN, or similar experience.
  • Experience with IOC management tools: CRITs, MISP, or similar experience.
  • Experience with EnCase, FTK, Remnux, Volatility, GRR, Rekall, or similar.
  • Experience with Kibana or Moloch.
  • Experience with EDR solutions (CrowdStrike, Mandiant/FireEye, etc.).