Lead security incident response in a cross-functional, collaborative environment, driving toward incident resolution
Develop IR initiatives that improve our ability to respond to and remediate security events faster
Perform forensic analysis of digital information
Validate the ingestion of log sources and maintain the flow of required logs to the SIEM
Contribute to the configuration and maintenance of security operations controls such as antivirus, application whitelisting, Host Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS), Security Information and Event Management (SIEM), and Security Orchestration, Automation and Response (SOAR) platforms
Perform analysis of logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify and investigate potential threats
Build automation for identification, response, and remediation of malicious activity
Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
Work with the Computer Security Incident Response Team (CSIRT) to manage and contain information security incidents and events to protect the company's IT assets, intellectual property, and reputation
Respond to advisory service requests and drive them through to closure as needed
Perform technical research into advanced, targeted attacks, crimeware campaigns, malware, and other emerging technologies and techniques to identify and report on cyber-attacks and attackers
Perform proactive research to identify, categorize, and produce reports on new and existing threats
Supply actionable recommendations to other teams within Applied Materials to bolster cybersecurity efforts
Display strong technical aptitude with IT security, enterprise firewalls, intrusion detection and prevention, antivirus, web and email security, server and application monitoring, and Windows and Linux web services
Skills Requirements:
Bachelor's degree or equivalent experience in security
Knowledge of networking technologies, specifically TCP/IP and the related protocols
Knowledge of operating systems, file systems, and memory on Windows, macOS, or Linux
Experience with an interpreted programming language (PHP, Python, Perl, Ruby, etc.)
Experience with attacker tactics, techniques, and procedures
8+ years of experience in cybersecurity
Strong problem-solving and analytical skills; initiative and eagerness to learn and improve; and the ability to work independently within a team structure
Background in malware analysis, intrusion detection, and/or threat intelligence
Experience in threat hunting
Experience in host and memory forensics (including live response) for Windows, macOS, and/or Linux
Broad knowledge across the security domain, as well as deep focus in one or more areas such as log and event processing, incident management, and detection and/or response tool development
Previous experience in a Security Operations Center (SOC) and with MITRE frameworks such as ATT&CK
Experience analyzing network and host-based security events
Demonstrates conceptual and practical expertise in own discipline and basic knowledge of related disciplines
Business expertise
Understands key business drivers and challenges and can translate these into understanding broader enterprise risks and threats
Leadership
Acts as a resource for colleagues with less experience; may lead small projects with manageable risks and resource requirements
Problem-Solving
Solves complex problems; takes a new perspective on existing solutions; exercises judgment based on the analysis of multiple sources of information
Impact
Impacts a range of customer, operational, project or service activities within own team and other related teams; works within broad guidelines and policies
Interpersonal Skills
Explains difficult or sensitive information; works to build consensus