Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.
Our headquarters is in Southern California (Irvine, CA), but this position has the possibility of being performed remotely if the person isn't located here or interested in relocation.
The Principal Threat and Incident Response Engineer is responsible for all aspects of security threat management. This hands-on technical role shares responsibilities across the team in conducting cyber threat intelligence, executing threat hunts, participating in and leading incident response efforts, performing digital forensics, and implementing threat protection across the enterprise. The position will be responsible for building, maintaining, and improving the tools and techniques that power large-scale security threat management capabilities to protect against, detect, and respond to emerging threats and sophisticated attacks on enterprise networks. The person in this role reviews and analyzes large and highly complex datasets and information to provide content, conclusions, and actionable recommendations that mitigate risk and stop attackers.
The Principal Threat and Incident Response Engineer should have an applied and in-depth understanding of malware, attacker tactics, techniques, and procedures and experience defending organizations from these threats. In addition to having a breadth of technical experience, the Principal Threat and Incident Response Engineer should have leadership and customer communication experience.
- Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
- Perform forensics on network, host, memory, and other artifacts originating from multiple operating systems, applications, or networks and extract IOCs (Indicators of Compromise) and TTP (Tactics, Techniques, and Procedures).
- Investigate incidents leveraging forensics tools including EnCase, FTK, X-Ways, Axiom, SIFT, and Splunk to determine the source of compromises and the malicious activity that occurred.
- Collect, analyze, assess, and disseminate information about cyber threats and potential attacks.
- Conduct human-driven, proactive, and iterative hunts through enterprise networks, endpoints, or datasets to detect malicious, suspicious, or risky activities that have evaded detection by existing tools.
- Lead the Security Incident Response Team (SIRT) in responding to active and time-sensitive threats including communications and coordination across different teams.
- Work closely with other members of the Information Security team to lead changes in the company's defense posture.
- Maintain proper chain of custody of evidence and associated documentation.
- Testify in court, Grand Jury, or other legal proceedings through testimony, sworn affidavits, or other legal instruments.
What you bring to the role:
- Bachelor’s degree in Computer Science, Engineering, Science, Math or Cyber Security related field is required.
- Work Experience: 7+ years’ experience in technical IT or Information/Cyber Security; 5+ directly related to role.
- 3+ years of strong hands-on experience in digital forensics examinations and/or investigations using the EnCase tool.
- 3+ years of experience in law enforcement (deputized) investigations (fraud, counterintelligence, high-tech crimes, etc.).
- 3+ years of experience in interviewing after taking a Reid Technique class (or an equivalent).
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud services.
- Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: the ability to think about creative threats and attack vectors.
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
- Deep understanding of internals and constructs of modern operating systems.
- Experienced with EnCase, FTK, X-Ways, Axiom, SIFT, Splunk, Elastic Stack, Redline, Volatility, Wireshark, tcpdump, and open source forensic tools.
- Proficiency with at least one interpreted programming language (Python, Ruby, etc.).
- Relevant security certifications (EnCE, OSCP, OSCE, GPEN, GXPN, GREM, GNFA, GCFA).
* Position could require occasional travel, including international travel.
* Please be prepared to provide three current work references and pass a criminal background check and drug test.
This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.
Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.