Incident Response Specialist
- Ponca City, OK
Why will you enjoy this new opportunity?
Working with a team of Incident Responders and Threat Intel analysts, you will not only be responsible for remediating high-severity security incidents but will also play a key role in contributing towards initiatives like Threat Hunting, Digital Forensics and Threat Intelligence. You get to do all this while enjoying the company of team members who love memes and GIFs. Above all, you get to work in a culture where new ideas and calculated risks are strongly encouraged and appreciated.
What is the primary need, technical challenge, and/or problem you will be responsible for?
We are looking for someone who can be a subject matter expert in Incident Response and Digital Forensics: someone who can take the lead in identifying the complete scope of an Incident and effectively chalk out the response strategy to remediate it, while being able to interact and partner with key stakeholders like Detection and Response Team members, Legal, Privacy and Human Resources.
Success in the Role: What are the performance goals over the first 6-12 months you will work toward completing?
- Mentor and Train members of the Detection and Monitoring team on how to conduct Incident Response effectively
- Effectively manage and remediate any Incident, irrespective of the environment (Corp or Cloud)
- Successfully complete the assigned Threat Hunts (Proactively identify advanced attacker activity based on specific TTPs and adversary behaviors)
What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?
- As an SME, you would lead remediation of high-priority Security Incidents
- You would be conducting proactive Threat Hunts, based on curated Threat Intelligence
- You shall contribute towards developing Threat Monitoring and Detection rules
- You will be working with fellow members of the SIRT (Security Intelligence and Response Team) to track and report on the evolving threat landscape (both internally and externally)
- You shall routinely conduct Forensic analysis of infected hosts or analyze network traffic to identify attacker activity
- This is not an entry level position. You will be expected to think, act and execute fast.
Required Skills and Experience
- At least 6 years of experience in Incident Response in a global corporate environment, and across various Cloud Platforms (AWS, Azure, GCP etc.)
- Ability to use any log ingestion platform to run Security Analytics and identify attack patterns
- Ability to conduct host and memory forensics on infected hosts, with little or no assistance
- Strong understanding of Threat Intelligence and Threat Hunting
- Ability to build working relationships with critical stakeholders
- Ability to constructively challenge status quo while adhering to corporate ethics and leadership principles
- Ability to execute with passion. Lead and follow with Integrity, in a collaborative manner
- Certifications like GCIH, GCFA, GCFE, GREM, GPEN, GMON, GWAPT, GNFA, GCTI, GDAT, OSCP etc.
- Strong understanding of Cloud Infrastructure and Architecture
What is the leadership like for this role? What is the structure and culture of the team like?
The Hiring Manager for this role is Karthik Yetukuri, Manager, Security Intelligence and Response Team (SIRT). He has experience working in the trenches defending organizations, in diverse Technical and Leadership roles. He has been with VMware for about 3 years now.
Karthik believes that leadership is not defined by title and encourages his team members to be leaders and live the values they all bring to the team. He looks for people who can think creatively to solve problems and do so while being collaborative and courteous.
The Team consists of DFIR Specialists, Threat Intel Analysts and Program Managers, spread around the globe. The teams work regular hours, with an on-call rotation during weekends (once every 9 weeks).
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.