Incident Response - Lead Responder
32 days ago


Symantec is the global leader in information security. The Cyber Readiness & Response organization is a critical component of Symantec’s Managed Security Services and Intelligence offerings that helps clients predict, prepare, detect, and respond to modern threats by increasingly sophisticated attack actors.

As part of this organization, the Incident Response Team is chartered to work collaboratively with customer and partner teams to provide rapid proactive and reactive threat response, investigations, and incident response for Symantec’s customers.

As a Lead Investigator, you will lead Symantec and partner teams to find and eradicate threats to customer environments.

You will gain exposure to some of the largest and most complex environments around, as well as some of the most highly targeted, advanced attacks out there.

While highly technical, the position also requires a strong ability to understand one's audience and adjust accordingly. In particular, the right candidate will have the ability to rapidly shift gears between a technical and an executive-management mindset and communication style.


  • Be a primary first responder for incidents for Symantec customers: lead Symantec and partner fly-to-site Incident Response teams to conduct highly confidential investigations for Symantec customers.

  • Direct other Symantec consultants and partner resources to collect and process evidence
  • Act as liaison between Symantec’s internal intelligence teams, Symantec consulting, and partner fly-to-site resources
  • Be a thought leader: speak on behalf of Symantec at key industry conferences. Blog on, and author whitepapers on, emerging trends in security operations methodology, information security concepts, security analysis and monitoring, incident response methodologies, and investigative tools and techniques.
  • Participate in an on-call rotation with your peers to triage incoming requests for assistance
  • Assess existing Incident Response plans of Symantec customers and recommend improvements to both plans and security monitoring programs in use
  • Take a lead role in authoring client reports on relevant findings and peer review of partner reports
  • Participate in the improvement and development of methodologies, process / procedure manuals and documentation
    Qualifications

    Required Technical Skills

  • Expert understanding of network protocols and TCP/IP fundamentals
  • Expert understanding of operating systems (Windows, Linux or OS X, iOS / Android)
  • Expert understanding of intrusion detection systems (e.g. Snort, Suricata) and tools (e.g. tcpdump, Wireshark), OR expertise in one or more of the following:
  • Knowledge of Malware Triage and Reverse Engineering
  • Knowledge of network based services and client / server applications
  • Knowledge of enterprise systems and infrastructure
  • Expert understanding of network architecture and security infrastructure placement
  • Familiarity with security tools such as Anti-Virus, Anti-Spam / Email security systems and Data Loss Prevention Tools; Symantec tools a plus
  • Expert understanding of computer / network forensics tools (e.g. EnCase, NetWitness)
  • Expert understanding of legal / regulatory aspects of Incident Response processes and methodologies
  • Background performing computer security incident response and digital forensics
    Other Required Skills

  • Ability to successfully interface with Symantec partners and clients at both technical and executive levels
  • Ability to lead technical incident response teams and coordinate response efforts.
  • Ability to manage multiple projects under tight deadlines
  • Excellent presentation skills with an ability to present a professional appearance and demeanor during a crisis and in high stress situations
  • Excellent written and communication skills
  • Ability to document and explain technical details clearly and concisely
  • Ability to build and maintain high credibility with Symantec sales teams, partners, and strategic clients.
  • 4-year college degree in computer science or a related field is desired
  • Industry certification in multiple operating systems and / or network technologies
  • Minimum 7 years of experience in an information security discipline
  • SANS GIAC Certified Incident Handler (GCIH) or GIAC Certified Forensic Examiner (GCFE) certification, and certification on one or more computer / network forensics solutions, is desired

    Additional Desired Skills

  • Government security clearances highly desired
  • Experience in working with global systems integrators and partner ecosystems
  • Experience with programming / scripting languages
  • Social Media presence and blogging recognition in the Security Industry
  • Background in operational information security disciplines (e.g. incident response, security infrastructure management or monitoring services)
  • Experience in config / mgmt of feeds into event aggregation and correlation systems (e.g., Splunk, ArcSight)
  • Awareness of or experience with competitor Incident Response services or technology

Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.
