Extrahop is looking for a Network Security Response Engineer.

Responsibilities

• Assist team leads to establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting
• Perform analysis of network log files from a variety of sources (e.g., network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
• Assist in execution of cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
• Perform initial, forensically sound collection of network data and telemetry to inspect to discern possible mitigation/remediation on enterprise systems.
• Perform real-time network cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
• Assist in accurately documenting an incident from beginning to end as well as evidence handling. 
• Partner with customer Engineering teams to harden the environment, respond to incidents, and lead investigations;
• Make recommendations to defend customer networks against unauthorized access, modification, and/or destruction;
• Respond immediately to security incidents and provide post-incident analysis;
• Maintain knowledge of current security trends and be able to clearly communicate them to the team and customers;
• Identify abnormalities and report violations using security tools such as ExtraHop;

Requirements

• Experience in IT Security Digital Forensics or IT Security Operations
• Experience in Incident Response in a global corporate enterprise
• Experience in fast-paced investigations.
• Ability to present highly technical information to non-technical audiences.
• 2+ years of experience in Information Security;
• Bonus: Experience with cloud technologies such as AWS, GCP, and/or Azure;
• 1+ years of experience in incident response and/or threat hunting;
• Familiarity with tools such as SIEM, IDS/IPS, EDR, NDR, firewalls, and more;
• Experience implementing a technology framework, such as ISO 27001, NIST CSF, or NIST SP 800 53R5.
• Familiarity with ExtraHop is a plus
• Technical know-how of security network devices (switches, antivirus, firewalls, cryptography, SIEM) and any other security networking hardware or software tools
• Knowledge of Firewalls and routing; switching experience is an added advantage
• Reviewing system changes for security implications and recommending improvements
• Knowledge of networking concepts such as WAN connectivity, transport types and protocols, and experience with wireless technology and Wireless deployment.
• Experience working with stakeholders at an Operational Level
• Good team player, Self-confident, motivated, and independent
• Excellent communication skills
• Bachelor’s degree or equivalent in business, information systems or Computer engineering/science
• Ability to remain calm while multitasking and working under pressure in a fast-paced environment
• Attention to details and good problem-solving skills.

Abilities and Skills:

• Design incident response for networks
• Apply techniques for network-based intrusions using intrusion detection technologies
• Identifying, capturing, containing, and reporting malware via network transmission
• Securing network communications
• Recognizing and categorizing types of vulnerabilities and associated network attacks.
• Protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
• Performing network damage assessment.
• Assist in the production of a root cause analysis.
• Properly handle evidence related to an incident.  #LI-BKW