Location: Tychy, PL

Threat & Incident Response Engineer - Europe (Information Security)

As a member of the Information Security Threat and Vulnerability Management team, the Threat and Incident Response Engineer will be responsible for monitoring, investigating and responding to security incidents and for managing the various security tools used within Lear. Additionally, the engineer will work with and support an MSSP that provides SOC and Vulnerability Management services.


The Role:

Your work will include, but not be limited to:

  • Perform tier-three analysis, conducting host forensics, network forensics, log analysis and malware triage in support of incident response investigations, in order to determine root cause
  • Identify key data points about information security incidents, such as root cause, the attack methods and techniques used, and malware infection and persistence mechanisms
  • Recognize attacker tools, tactics and procedures and codify them as indicators of compromise (IOCs) that can be applied to current and future investigations
  • Build scripts, tools, or methodologies to enhance incident investigation processes
  • Implement integration/orchestration of existing and new forensic infrastructure and tools
  • Perform as an Information Security SME in the following areas:
    • Digital Forensics
    • Incident Response
    • Log analysis
    • Popular operating systems (Windows, Mac, Linux, Android, etc.)
    • Networking (Firewalls, IDS/IPS, packet capture)
    • Other security related disciplines


Your Qualifications:

  • Preferred: experience as a CrowdStrike Falcon Responder and/or Administrator
  • 5+ years overall technical experience in either forensics, threat intelligence, incident response, security operations, or related technical information security field.
  • Fluent English
  • Deep understanding of common network and application-stack protocols, including TCP/IP, SMTP, DNS, TLS, XML and HTTP
  • Strong and recent experience with malware analysis and reverse engineering.
  • Expert understanding of large, complex corporate network environments
  • Experience with one or more of the following: EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump and open-source forensic tools
  • Ability to communicate technical details in clear and concise terms to senior management
  • Deep understanding of Linux, Windows, malware analysis, host/network based forensics, memory forensics and network traffic analysis
  • Experience developing scripts and automating tasks to enhance investigations


Bonus If You Have:

  • Strong working knowledge of and experience with Splunk, Qualys, Proofpoint, McAfee, CyberArk and Duo
  • Security certifications including but not limited to CISSP, CRISC, CEH, CISM, GIAC, OSCP, OSCE
  • Experience working in an Information Security team in the automotive field