Cybersecurity Engineer- Incident Response (remote opportunity)

Grange Insurance · Columbus, OH

Company

Grange Insurance

Location

Columbus, OH

Type

Full Time

Job Description

Summary: This position is responsible for leading and supporting all efforts to secure the enterprise within the Incident Response (IR) and Vulnerability Management (VM) practice areas. You will have the opportunity to shape the program and directly impact the operational capabilities of your assigned focus areas. In addition, as part of a team of trained security subject matter leaders, you may be asked to support additional practice areas such as endpoint detection and response (EDR), End User Behavior Analysis (EUBA), Data Loss Prevention (DLP), Security Orchestration Automation and Response (SOAR), and similarly aligned security practices. You will drive efforts in designing, implementing, administering, and supporting enterprise security controls for both on-prem and cloud environments. You should bring an eagerness to learn new skills and technologies, a passion for security and solving security-related puzzles, an open mind for collaboration, and a drive to overcome obstacles and seek successful solutions.

What You'll Be Doing:

  • Architect, implement, administer, and support enterprise security strategies and controls focused on, but not limited to, incident response (IR) and vulnerability management (VM) for a hybrid on-prem and cloud infrastructure.
  • Provide analysis and recommendations for the continuous improvement of the overall enterprise security posture.
  • Collaborate with, and occasionally lead, cross-functional teams to improve overall security posture, specifically focused on IR and VM controls.
  • Leverage solutions such as Tenable, Rapid7, Qualys, Varonis, Prisma, BeyondTrust, Okta, ELK, Zscaler, Forcepoint, and similarly aligned applications to improve enterprise security.
  • Lead IR team activities for responding to various cybersecurity incidents including but not limited to tabletop simulations, operational readiness exercises, standard operating procedures (SOP) validations, and disaster scenarios.
  • Track and own security incidents from detection to resolution, engaging in any containment, eradication, recovery, and tuning actions as needed.
  • Perform analysis of various log sources, SIEM alerts, IDS/IPS alerts, host activity, and network traffic to identify suspicious or unauthorized activity.
  • Lead the forensic analysis of compromised assets.
  • Prepare and continually improve SOP documentation, methodologies, and readiness capabilities.
  • Interact with and lead as needed initiatives, projects, and relationships with third party solution providers.
  • Prepare and update Cybersecurity procedures, standards and/or other technical requirement documents.
  • Participate in the review and implementation of security solutions aimed at enhancing incident response capabilities.
  • Investigate, escalate, and respond to potential security events and user inquiries.
  • Participate in alert development and tuning efforts, and collaborate with third party support vendors to improve visibility, monitoring capability, and procedures.
  • Collaborate with security and infrastructure teams to implement consistent technical solutions and support processes.
  • Evaluate and harden tooling and instrumentation to prevent cybersecurity exploits.
  • Provide input on the roadmap for addressing capability gaps, maturity improvements, and innovations.
  • Perform and/or coordinate regular security assessments of existing or new infrastructure.
  • Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of enterprise system assets and to protect enterprise system from intentional or inadvertent access, compromise, or destruction.
  • Assist with monitoring and auditing of information systems activities and systems to confirm security policy compliance and provide management with security policy compliance assessments and system monitoring reports.
  • Work with stakeholders to provide security solutions that support their business requirements.
  • Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
  • Identify security gaps that expose the enterprise to potential exploits and develop short- and long-term prioritized remediations to address those gaps, ensuring management is apprised of the risk in a timely manner.
  • Mentor and develop other team members.
  • Promote security centric knowledge sharing and enterprise security training.
  • Assist with on-call support as needed.
  • Perform additional duties as assigned.


What You'll Bring To The Company:

Required:

  • Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
  • In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform.
  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident investigations.
  • Experience and proficiency with any of the following: EDR, Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
  • Experience with malware analysis concepts and methods.
  • Familiarity or experience with the Cyber Kill Chain methodology and/or the MITRE ATT&CK framework.
  • Knowledge of Virtualization and Cloud security.
  • Familiarity and/or previous experience with at least one of the following: Tenable, Rapid7, Qualys.
  • Knowledge of Linux, UNIX, Windows (including Active Directory) and other operating systems.
  • Knowledge of popular databases such as MSSQL, Oracle, and MySQL.
  • Experienced or conversant with public cloud computing - AWS (preferred), Azure and/or GCP.
  • Ability to interpret information security data and processes to identify potential compliance issues.
  • Ability to quickly understand complicated data flows to identify and validate security requirements.
  • Must be a team player and willing to establish a strong positive working relationship with all areas of the business.
  • Ability to work effectively, independent of assistance or supervision.
  • Innovative, creative, and extremely responsive with a strong sense of urgency.
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
  • Individual must be goal oriented, organized, and motivated to learn and advance to a higher level within their professional career.
  • Strong interest in learning new and emerging technologies.
  • Good understanding of Security and systems best practices.
  • Willing to share knowledge with co-workers and to assist them in understanding technical and business topics.


Preferred:

  • Experience and proficiency with any of the following: MDR, IAM, PAM, DLP, IDR.
  • Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
  • Bachelor's degree in engineering, computer science, or IT related field or seven to ten years of experience as an advanced system engineer is preferred.
  • Seven or more years of engineering experience developing and delivering complex, distributed, enterprise class hardware/software, and creating successful business outcomes.
  • Experience with agile methodologies and practices a plus.


About Us:

Grange Insurance Company, with $3 billion in assets and more than $1.3 billion in annual revenue, is an insurance provider founded in 1935 and based in Columbus, Ohio. Through its network of independent agents, Grange offers auto, home, life and business insurance protection. Life insurance is offered by Grange Life Insurance and Kansas City Life Insurance. Grange Insurance Company and its affiliates serve policyholders in Georgia, Illinois, Indiana, Iowa, Kentucky, Michigan, Minnesota, Ohio, Pennsylvania, South Carolina, Tennessee, Virginia and Wisconsin.

Who We Are:

We are committed to an inclusive work environment where we welcome and value diversity and inclusion. We hire great talent from a wide variety of backgrounds, and our associates are our biggest strength. The diversity of our associates, their backgrounds, experiences, and individual differences are the foundation for our success. Our inclusive culture empowers all of us to "Be One Team", "Deliver Excellence", "Communicate Openly", "Do the Right Thing", and "Solve Creatively for Tomorrow". We have active Associate Resource Groups and a Diversity and Inclusion Team that focus on professional development, networking, business value and community outreach, all of which encourage and facilitate an environment that fosters learning, innovation, and growth. Together we use our individual experiences to learn from one another and grow as professionals and as humans.

We welcome the unique contributions that you bring from education, opinions, culture, beliefs, race, color, religion, age, sex, national origin, handicap, disability, sexual orientation, gender stereotyping, gender identity or expression, genetic information, ancestry, pregnancy, veteran status, and citizenship.

Grange Enterprise is proud to be part of the CEO Action for Diversity and Inclusion™, a national initiative of more than 1400 CEOs working for the advancement of diversity and inclusion within the workplace.

Date Posted

10/19/2022
