Symantec is the global leader in information security. The Cyber Readiness & Response organization is a critical component of Symantec’s Managed Security Services and Intelligence offerings that helps clients predict, prepare, detect, and respond to modern threats by increasingly sophisticated attack actors.
As part of this organization, the Incident Response Team is chartered to work collaboratively with customer and partner teams to provide rapid proactive and reactive threat response, investigations, and incident response for Symantec’s customers.
As a Lead Investigator, you will lead Symantec and partner teams to find and eradicate threats to customer environments.
You will gain exposure to some of the largest and most complex environments around, as well as some of the most highly targeted, advanced attacks out there.
While highly technical, the position also requires a strong ability to understand one's audience and adjust accordingly. In particular, the right candidate will have the ability to rapidly shift gears between a technical and an executive management mindset and communication style.
Be a primary first responder for incidents for Symantec customers: Lead Symantec and Partner fly-to-site Incident Response teams to conduct highly confidential investigations for Symantec customers.
Direct other Symantec consultants and partner resources to collect and process evidence
Act as liaison between Symantec’s internal intelligence teams, Symantec consulting, and partner fly-to-site resources
Be a Thought Leader: Speak on behalf of Symantec at key industry conferences. Blog on Symantec.com and author whitepapers on emerging trends in security operations methodology, information security concepts, security analysis and monitoring, incident response methodologies, and investigative tools and techniques.
Participate in an on-call rotation with your peers to triage incoming requests for assistance
Assess existing Incident Response plans of Symantec customers and recommend improvements to both plans and security monitoring programs in use
Take a lead role in authoring client reports on relevant findings and peer review of partner reports
Participate in the improvement and development of methodologies, process/procedure manuals and documentation
Required Technical Skills
Expert understanding of network protocols, TCP/IP fundamentals
Expert understanding of operating systems (Windows, Linux or OS X, iOS/Android)
Expert understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark) OR expert in one or more of the following:
Knowledge of Malware Triage and Reverse Engineering
Knowledge of network-based services and client/server applications
Knowledge of enterprise systems and infrastructure
Expert understanding of network architecture and security infrastructure placement
Familiarity with security tools such as Anti-Virus, Anti-Spam/Email security systems and Data Loss Prevention tools; Symantec tools a plus
Expert understanding of computer/network forensics tools (e.g. EnCase, NetWitness)
Expert understanding of legal/regulatory aspects of Incident Response processes and methodologies
Background performing computer security incident response and digital forensics
Other Required Skills
Ability to successfully interface with Symantec partners and clients at both technical and executive levels
Ability to lead technical incident response teams and coordinate response efforts
Ability to manage multiple projects under tight deadlines
Excellent presentation skills with an ability to present a professional appearance and demeanor during a crisis and in high stress situations
Excellent written and communication skills
Ability to document and explain technical details clearly and concisely
Ability to build and maintain high credibility with Symantec sales teams, partners, and strategic clients
4-year college degree in computer science or a related field is desired
Industry certification in multiple operating systems and/or network technologies
Minimum 7 years of experience in an information security discipline
SANS GIAC Certified Incident Handler (GCIH) or GIAC Certified Forensic Examiner (GCFE) certification, and certification on one or more computer/network forensics solutions, is desired
Additional Desired Skills
Government security clearances highly desired
Experience in working with global systems integrators and partner ecosystems
Experience with programming / scripting languages
Social Media presence and blogging recognition in the Security Industry
Background in operational information security disciplines (e.g. incident response, security infrastructure management or monitoring services)
Experience in config/mgmt of feeds into event aggregation and correlation systems (e.g., Splunk, ArcSight)
Awareness of or experience with competitor Incident Response services or technology
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.