Your opportunity
New Relic’s Information Security Team is searching for a Security Incident Response Engineer! If you enjoy a work environment where you're part of a successful distributed team that collaborates to achieve successful outcomes, we would love to talk to you! In this role, you will use your background and deep understanding of how attackers gain access to systems and apply it to respond to cyber security incidents covering all phases including identification, containment and eradication.
As an engineer of our growing Security Response team, you will collaborate with teams throughout the organization, providing security insight, mitigation strategies, and preventive measures from detections. You will help develop our security program through collaboration, investigation, documentation, and engineering practices.
What you'll do
- Support and maintain response strategy and tooling to severe incidents and key attack scenarios.
- Support the SOC alert lifecycle: triage security risk, investigate alerts, develop runbooks, policies and procedures to help the company respond, and run retrospectives to coordinate effort across the company to prevent future incidents.
- Maintain healthy working relationships with our managed security service providers and respond to incident escalations.
- Maintain coordination and communication streams horizontally and vertically as part of major cyber related incident handling.
- Know the latest APT tactics and techniques and use engineering practices to detect and respond.
- Provide technical expertise to engineering teams on standard methodologies, tools and frameworks.
- Work with product managers, senior management, and end users to drive security maturity across the business.
This role requires
- You have at least two years of recent experience working in a threat hunting, threat intelligence, incident response, SOC analyst or security engineering role
- Experience configuring security incident and event management tools, including creating event filtering, correlation rules, and reports
- Strong understanding of the MITRE ATT&CK Framework
- Experience performing risk assessment, threat tracking, or vulnerability management and success in evaluating and communicating severity, impact, and likelihood of a risk to a wide audience
- Familiarity with digital forensic tools and techniques for hands-on response during incidents
- Be flexible to work on weekend shifts and avail weekly offs during weekdays
- Be available for on call support during off hours
Bonus points if you have
- Experience creating SOAR workflows and automation
- Experience building a successful SOC or developing incident response plans or runbooks
- Software engineering experience, primarily in Python or other high-level programming language
- Experience in cloud detections (AWS, Azure, GCP)
- Experience with DevOps CI/CD pipelines including Terraform, Atlantis, Ansible, Kubernetes, and Argo
- Experience with enterprise Kubernetes deployments, including EKS