Secureworks (NASDAQ: SCWX), a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of a cloud-native SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded in this much real-world experience. www.secureworks.com
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about what's next. We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
Role Overview
The Incident Response Cloud Consultant role is a senior-level position working with customers in the growing area of Incident Response in the Cloud, including Amazon Web Services (AWS), Microsoft Azure (including Microsoft 365 / O365), and Google Cloud Platform (GCP). This work involves the following overarching duties:
* Leading augmentation of the Secureworks Incident Response Team's Cloud capabilities and skillsets
* Helping customers prepare to effectively handle security incidents in the Cloud
* Performing Incident Response and helping customers effectively respond to incidents in the Cloud
Augmenting the Secureworks Incident Response Team's Cloud capabilities includes leading efforts to research and build best-practice documentation and methodologies, both for securing the Cloud and for responding to security incidents in it; developing effective and efficient processes and procedures for performing response; and building (or identifying existing) tools to automate response processes across a variety of Cloud environments, including AWS, Azure (including Microsoft 365), and GCP.
Helping customers prepare for security incidents in the Cloud includes developing Incident Response plans and playbooks, delivering Cloud-centric training, and conducting exercises to test response plans for incidents in the Cloud.
Responding to incidents in the Cloud includes helping customers manage both the technical and non-technical aspects of complex, large-scale incidents occurring within their Cloud environments; conducting detailed forensic analysis to help customers identify the initial infection vector, scope, magnitude, and other critical aspects of a security incident; developing timelines of malicious activity; and delivering remediation recommendations and recovery plans tailored to customers' Cloud operations.
Role Responsibilities
* Serve as Subject Matter Expert in Incident Response and Digital Forensics in the Cloud
* Perform complex Incident Response and forensic analysis and develop technical conclusions based on analysis of evidence
* Review technical analysis and conclusions of other consultants
* Document findings, develop Incident Response remediation recommendations, and present both orally and in written reports for customers
* Conduct assessments of customer readiness to respond to incidents in the Cloud, including designing and delivering Incident Response exercises to test customer Incident Response plans
* Review security and Incident Response assessments of other consultants
* Develop detailed Incident Response plans and playbooks based on customer needs for Cloud environments
* Design and deliver Incident Response exercises to test customer Incident Response plans
* Oversee the delivery of Incident Response exercises by other consultants
* Support Junior through Senior staff on Cloud security and Incident Response best practices, processes, and tooling
* Experience leading multiple major work efforts involving research, development, training, and mentoring
* Desire and aptitude to work with both customers and internal teams to solve complex security issues, often amidst times of crisis
* Strong technical communication skills (oral and written) including experience briefing senior-level leadership and conveying technical subject matter to audiences of varying backgrounds and skill levels
* Strong understanding of vulnerabilities within the Cloud along with the tools used to discover, analyze, and exploit such vulnerabilities
Requirements
* Minimum of 5 years experience as a Cloud Security Engineer with one of the following hosting platforms: AWS, Azure or Google Cloud Platform
* Minimum of 4 years of experience performing complex, large-scale security monitoring and response as well as host-based and network-based digital forensics
* In-depth experience researching, using, building, and/or augmenting Cloud-based Open Source Security (OSS) tools utilized for security monitoring and response
* Minimum of 3 years of experience using one or more of the following tools: X-Ways, Magnet, F-Response, Volatility, or open source forensic tools
* One or more of the following certifications: GCFA, GCFE, GNFA, or similar (targeted experience for this role may be considered in lieu of these)
* Experience coding and developing tailored security monitoring and/or Incident Response tooling in current languages such as Python and Go
* Experience understanding, utilizing, and transforming common data formats such as JSON, YAML, and CSV
Preferred Skills
* Experience with automation systems
* Experience analyzing and/or reverse engineering malware
* Understanding of key cybersecurity frameworks relevant to cyber incident response and cyber threat hunting: MITRE ATT&CK, CIS Controls, NIST CSF, NIST 800-53
* Undergraduate degree in computer science, information systems, information assurance, cybersecurity, or equivalent work experience
Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.
Hopkinton, MA
Dell EMC develops, delivers, and supports information infrastructure and virtual infrastructure technologies, solutions, and services. It offers enterprise storage systems and software deployed in storage area networks (SAN), network attached storage (NAS), unified storage combining NAS and SAN, object storage, and direct attached storage environments; a portfolio of backup products that support enterprise application workloads; and cloud software and infrastructure-as-a-service.
The company also offers security solutions that enable organizations to detect, investigate, and respond to advanced attacks; confirm and manage identities; and help reduce IP theft, fraud, and cybercrime. In addition, it provides enterprise software and cloud solutions, including the Documentum product line, which enables the digitization and flow of content through organizations in regulated industries; the InfoArchive product line, which helps customers take cost out of their current IT environments by archiving inactive information to decommission legacy applications; and Project Horizon, a curated app marketplace of content-related end-user productivity apps.
Further, the company provides Pivotal Big Data Suite, a data solution; Pivotal Cloud Foundry, a cloud platform-as-a-service; and Pivotal Labs agile development services. Additionally, it offers virtualization infrastructure solutions, which include a suite of products and services to deliver a software-defined data center, and support a range of operating system and application environments, as well as networking and storage infrastructures.
The company also provides installation, professional, software and hardware maintenance, and training services. The company markets its products through various distribution channels, as well as directly worldwide. The company was formerly known as EMC Corporation and changed its name to Dell EMC in September 2016. Dell EMC was founded in 1979 and is headquartered in Hopkinton, Massachusetts.