Lead Incident Responder

2K is headquartered in Novato, California and is a wholly owned label of Take-Two Interactive Software, Inc. (NASDAQ: TTWO). Founded in 2005, 2K Games is a global video game company, publishing titles developed by some of the most influential game development studios in the world. Our studios responsible for developing 2K’s portfolio of world-class games across multiple platforms, include Visual Concepts, Firaxis, Hangar 13, CatDaddy, Cloud Chamber, 31st Union, and HB Studios. Our portfolio of titles is expanding due to our global strategic plan, building and acquiring exciting studios whose content continues to inspire all of us! 2K publishes titles in today’s most popular gaming genres, including sports, shooters, action, role-playing, strategy, casual, and family entertainment.

Our team of engineers, marketers, artists, writers, data scientists, producers, thinkers and doers, are the professional publishing stewards of our growing library of critically-acclaimed franchises such as NBA 2K, 2K PGA, Battleborn, BioShock, Borderlands, The Quarry, The Darkness, Mafia, Sid Meier’s Civilization, Marvel’s Midnight Suns, WWE 2K, and XCOM.

At 2K, we pride ourselves on creating an inclusive work environment, which means encouraging our teams to Come as You Are and do your best work! We encourage ALL applicants to explore our global positions, even if they don’t meet every requirement for the role. If you're interested in the job and think you have what it takes to work at 2K, we encourage you to apply!

We are looking for a motivated Incident Responder for high-profile incident leading the team and effectively communicating with cross-team members while executing and improving the 2K Incident Response Plan. This individual will train Security Analysts on advanced incident response techniques, contribute to maturing a global Security Operations program, and help bring it to life with cutting-edge security monitoring technologies and techniques.

When the Incident Responder is not actively involved in an incident, the position will be responsible for threat hunting and creating new detection rules. The ideal candidate will have a deep understanding of cybersecurity, network security, and SIEM technologies working independently to implement automation and response workflows.

• Lead technical analysis and resolution of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis to reconstruct what may have transpired on a system.
• Respond to incidents in cloud, on-prem, and hybrid environments
• Coordinate incident response efforts and provide timely updates on incident status with internal partners, including IT teams, business units, and senior management.
• Conduct post-incident reviews and root cause analyses to identify areas of opportunity and ensure that similar incidents are prevented in the future.
• Work closely with the Security Operations Center (SOC), and Security Engineering teams to build new tailored security detections.
• Act as a critical issue point for level I and II Analysts.
• Assess and enhance incident response plans, log monitoring, mitigation, and recovery strategies.
• Provide recommendations to automated Security Orchestration and Response workflows to upgrade our organization's security posture.

• Three to five years of demonstrable experience in Incident Response, Forensics, or security automation and response.
• Expert in cyber incident response investigations, including containment, eradication, and remediation activities.
• Experience with the drafting post-incident reports to senior leadership to convey impact, origin, root cause, and remediation.
• Able to analyze and correlate logs from a mixed environment containing the major Operating Systems, public clouds, firewalls, etc.
• Must have an understanding of the capabilities of a variety of Security platforms (EDR, IDS/IPS, XSOAR, Prisma, etc.).
• Development experience (Python, PowerShell, Bash) used to automate security operations and incident response processes.
• Familiarity with common cyber security frameworks such as Mitre ATT&CK, SANS Top 20, Cyber Kill Chain, and OWASP Top 10
• Advanced Industry security certifications are preferred, such as GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or similar.
• Occasional travel

A comprehensive benefits program is an important component of your total rewards package. Take-Two Interactive Software, Inc. offers an attractive benefits program designed to provide you with coverage options with the flexibility to meet both individual and family needs. Some of our offerings include:

• Health Care Benefits
• Health Savings Account (HSA) Including Company Contribution
• Employee Stock Purchase Plan
• 401k Retirement Plan
• Life and Disability Benefits
• Group Legal Plan
• Wellbeing Program
• Childcare Benefits
• Flexible Spending Account (FSA)
• Generous Compassionate Leave
• Companywide End of Year Break

As an equal opportunity employer, we are committed to ensuring that qualified individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform their essential job functions, and to receive other benefits and privileges of employment. Please contact us if you need reasonable accommodation.

Please note that 2K Games and its studios never uses instant messaging apps or personal email accounts to contact prospective employees or conduct interviews and when emailing, only use 2K.com accounts.

#LI-Remote
#LI-Onsite
#LI-Hybrid