GlendaleRecruiter Since 2001
the smart solution for Glendale jobs

IT Security Engineer V - DFIR Engineer - REMOTE

Company: CSAA Insurance Group
Location: Glendale
Posted on: November 23, 2022

Job Description:

We are actively hiring for an IT Security Forensics Engineer V! Join us and support CSAA Insurance Group, a AAA Insurer, in achieving our goals. We are looking for motivated, innovative individuals who think big and move fast with a passion for service excellence.

The CSAA Cyber Defense Services Team is responsible for developing actionable intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring that understanding to bear to purposefully identify and mitigate malicious activity.

Essential responsibilities:

Specifically, candidates will perform digital forensics and security incident response activities, including but not limited to:

  • Effectively find and retrieve data from various operating systems including Windows, Linux, macOS, Unix, and Android
  • Retrieve, catalog, and safeguard digital data related to cyber investigations
  • Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities
  • Assist with creating security techniques and automation for internal use that enable the team to operate at high speed and broad scale
  • Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats
  • Pursue actionable intelligence on current threats as they relate to CSAA IG
  • Periodic on-call responsibilities

The successful candidate will be required to analyze indicators to generate actionable intelligence and insight into current threats. They will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. A deep understanding of current APT actors and TTPs as well as experience performing question-driven analysis is required. Candidates should have a solid grasp of network and host-based indicators and how to best use them. They should be able to script and help automate recurring tasks to improve the overall effectiveness of the team. An understanding of operating systems internals will be an asset.

What would make us excited about you:
    • Thorough understanding of recovering data from damaged or erased hard drives, tracing hacks, capturing and maintaining evidence, and writing and reviewing investigative reports.
    • Understanding of legal standards that guide criminal investigations.
    • Comfortable working across a variety of technologies
    • Solid foundation in cloud-native investigative techniques and incident response methodologies
    • Solid understanding of authentication technologies and connectivity concepts
    • Experience with network, operating system, and application security tool sets
    • Firm understanding of cloud service models and a shared responsibility model (IaaS, PaaS, SaaS) across public cloud CSPs (AWS, GCP, Azure)
    • Experience in analyzing cloud provider logs (e.g. CloudTrail, Stackdriver, Azure Monitor Logs) to identify and respond to security events
    • Strong analytical, written, and verbal communication skills
    • Able to work with a changing schedule that includes standard or non-standard business hours of work
    • Ability to weigh business needs against security concerns and articulate issues to management
    • Solid understanding and technical expertise in security architecture
    • BS degree in Computer Science, MIS, Computer Engineering, or 8+ years equivalent technology experience
    • 6+ years of experience in a Security Operations or equivalent role
    • 4+ years of hands-on experience in responding to threats in public cloud (AWS, GCP, Azure)
    • 6+ years of experience with tracking APT groups and other high-grade threats
    • 6+ years of experience in system, network, and/or application security
    • 6+ years of experience building automation
    • 6+ years of experience with SQL or other query languages

Preferred Qualifications:
      • Splunk ES (Security)
      • Splunk UBA
      • Splunk Phantom
      • GCIH Certification
      • EnCase Certified Examiner (EnCE)

Why join us:

  • Make a difference. We don't just go to work. We're a team of employees committed to AAA members, our communities and each other.
  • Lifestyle. We drive strategy through innovation. We do honorable work, and we live our core beliefs.
  • Recognition. We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more!

Read more about what we offer and what it is like to be a part of our dynamic team at: Benefits

Let's work together: Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.

Headquartered in Walnut Creek, California, our community also works in Arizona, Colorado, Nevada, New Jersey and Oklahoma.

Our differences, visible and invisible, make every individual at CSAA Insurance Group unique and valuable. We strive to foster a culture where all employees feel a sense of belonging and can leverage their differences to thrive. We believe in embracing our unique identities, experiences, and points of view to advance our company and reflect our communities and members.

If reasonable accommodation is needed to participate in the job application or interview process please contact

CSAA Insurance Group is an equal opportunity employer. Must have authorization to work indefinitely in the US.

Per Nevada SB293 we are disclosing the compensation, or range thereof, for roles that will be, or could be, performed in Nevada. If performed in Nevada, this position has a(n) salary range of $131,750-$155,000.

In compliance with Colorado's Equal Pay for Equal Work Act (EPEWA) we are disclosing the compensation, or a range thereof, for roles that will be, or could be performed in Colorado. If performed in Colorado, this position has a(n) salary range of $125,460-$147,600.

The role includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 12% of eligible pay. Please note, hourly or salary compensation, or the range of hourly or salary compensation available for a position may vary by location. We reserve the right to amend these benefits at any time and actual compensation will be determined at time of offer.
