Incident Response Engineer

San Antonio, TX, United States

Ready to further your career in the fast-paced, exciting world of cyber security?

Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry-cybersecurity. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience.

Our mission is simple: End Cyber Risk. We're looking for an Incident Response Engineer to be part of making this happen. We know that cyber risk is ever evolving, and we know ending cyber risk is impossible, but that's why we love cyber security! Every day is different.

About the Role

The Incident Response Engineer role is for experienced IT and cyber security professionals with foundational digital forensics experience and knowledge that wants to be involved in all aspects of cyber security and learn something new every day. This role's primary focus is on digital forensics investigations, evidence preservation, and IT restoration and recovery services. The role is frequently the lead digital forensic analyst on response engagements responsible for finding the root cause of incidents, determining what attacker persistence mechanisms need to be remediated, and finding all actions from the attacker and malware. On extremely complex cases, this person would work alongside a team lead or senior incident response engineer.

This role is client facing, and both technical skills and soft skills are incredibly important. Our incident response team works with clients who are in crisis, and our elite technical and soft skills make a terrible situation as good as it can possibly be for our clients.

Responsibilities:

Digital Forensics

Perform digital forensic functions including but not limited to host-based analysis through investigating Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).

Process collected data and conduct defensible data acquisitions through in-depth analysis.

Preserve and analyze data from electronic data sources and systems including laptop and desktop computers, servers, mobile devices, and cloud services (Azure, AWS, etc.).

Examine firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.

Be able to determine the root cause, find persistence mechanisms, and find all actions of the threat actor in most incidents.

Participate in incident response engagements to guide clients and/or junior team members through forensic investigations, contain security incidents, and provide guidance on longer-term remediation recommendations.

Record detailed data for each incident that can be used in threat research and marketing initiatives

Restoration and Remediation Ability to preserve evidence from complex systems and networks

Ability to rebuild servers and workstations.

Ability to restore servers from nearly any backup system

Assist with decryption of data when needed.

Ability to recreate hypervisor environments and manage virtual servers

Client and Partner Management Provide support on incident response engagements in collaboration with the Team lead and Engagement Manager leading the engagements to guide client's containment, remediation, restoration, and forensic investigations.

Provide long term security recommendations that are well thought out and specific to the incident that the client experienced.

Produce high-quality written and verbal reports, presentations, recommendations, and findings to key stakeholders including customer management, regulators, and legal counsel.

Be able to lead an engagement solo from start to finish when needed.

Be able to bring calm to escalated situations.

General Participate in weekday escalation on call schedule.

Participate in weekend rotation schedule.

Participate in holiday rotation schedule.

Contribute towards R&D projects, such as, tools, techniques, threat research projects.

Contribute to marketing initiatives.

Skills and Experience We are Looking For:

The ideal candidate for this role would have a few years of digital forensics and cyber security experience or education as well as a strong IT background and core understanding of enterprise networks. Forensic Analysis - Ability to find the root cause of an incident, find attacker persistent mechanisms, and determine what data was accessed or stolen by an attacker

General cyber security best practices knowledge

Windows IT admin experience with Azure, Windows AD, Exchange, etc.

Managed Service Provide (MSP) experience solving problems and managing customers.

Investigative mindset with the ability and desire to untangle complex situations

About Arctic Wolf

At Arctic Wolf we're cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We've been named one of the 50 Most Innovative Companies in the world for 2022 (Fast Company)-and the 2nd Most Innovative Security Company. This is in addition to consecutive awards from Top Workplace USA (2021, 2022), Best Places to Work - USA (2021, 2022) and Great Place to Work - Canada (2021, 2022).

Our Values

Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that-by protecting people's and organizations' sensitive data and seeking to end cyber risk- we get to work in an industry that is fundamental to the greater good.

We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.

We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.

All wolves receive compelling compensation and benefits packages, including: Equity for all employees

Bonus or commission pay based on role

Flexible time off, paid volunteer days and paid parental leave

401k match

Medical, Dental, and Vision insurance

Health Savings and Flexible Spending Agreement

Voluntary Legal Insurance

Training and career development programs

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing [email protected].

Security Requirements Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).

Background checks are required for this position.

Come join the Pack during this exciting time of rapid growth where every employee makes a difference and their contributions are recognized and rewarded.