Lead Incident Response Engineer

Focus Brands Atlanta , GA 30301

Posted 2 weeks ago

This individual will serve as the primary incident responder. In that capacity, the incumbent will:

  • Develop Incident Response capabilities to effectively detect, respond to and remediate security incidents.

  • Write incident response playbooks and procedures

  • Execute security incident response and drive incident resolution including coordinating with multiple stakeholders in identifying incident impact, performing forensic investigations, coordinating containment & response efforts, and recommending recovery actions to prevent future reoccurrences.

  • Monitor threat feeds and provide direction to SOC and other support teams

  • Troubleshoot and close EDR and MDR tickets as required.

  • Hone our detection and response capabilities through documentation, exercises, and training.

  • Provide situational awareness on the ongoing threat landscape and the techniques, tactics and procedures associated with specific threats.

  • Conduct research into ongoing threat activity by collecting, analyzing, and interpreting threat intelligence data from various sources, including commercial feeds, internal logs, security news and dark web monitoring.

  • Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.

  • Enhance telemetry and visibility for Incident detection and investigations.

  • Engage with external entities, such as industry sharing groups and intelligence communities, to exchange information and collaborate on threat intelligence initiatives.

  • Oversee 3rd party breach and forensic retainer service providers as needed.

  • Develop technical and process documentation to improve processes.

Focus Brands is one of the fastest-growing retail food providers and we are looking for a talented resource to join the Cyber Security team to lead our incident response and threat hunting efforts. We are looking for a senior-level security engineer who is experienced in enterprise incident response with hands-on knowledge and skills with enterprise-grade endpoint detection and response tools and large managed detection and response vendors.

Fixed Hybrid-Atlanta

  • Bachelor's Degree in Engineering, Computer Science, or related field or equivalent combination of certifications and experience

  • 7+ combined years of incident response, malware analysis, and forensic investigation.

  • 4+ years of hands-on experience in responding to threats in public cloud.

  • 4+ years of experience in a Security Operations, Threat Hunting, Threat Intelligence, or similar role.

  • 4+ years of experience in system, network, and/or application security.

  • 4+ years of experience scripting in Python, Go, or other programming languages.

  • Experience in digital forensics and incident response

  • Experience threat hunting

  • Experience tuning IPS

  • Experience tuning SIEM

  • Experience developing incident response workflows

  • Experience with network, operating system, and application security tool sets

  • Extensive hands-on experience in EDR technologies, MDR firms, malicious code analysis, packet capture analysis, identifying indicators of compromise (IOC), threat analysis, anomaly detection, next generation firewalls (NGFW), security incident and event management (SIEM) technologies, and vulnerability assessment tools

  • Familiarity with Security frameworks including NIST CSF, NIST 800-53, ISO27001, ISO27002, ISO27005, and other industry standards

  • Firm grasp of cloud service models and a shared responsibility model (IaaS, PaaS, SaaS) across public cloud CSPs (AWS, GCP, Azure)

  • Solid foundation in cloud-native investigative techniques and incident response methodologies

  • Solid understanding and technical expertise in security architecture

  • Solid understanding of security frameworks such as MITRE ATT&CK

  • Solid understanding of security models such as the Cyber Kill Chain and the Diamond Model of Intrusion Analysis

  • Willing to work on a rotating triage and on-call shift schedule

  • NOC, SOC, or application support experience is a plus