The Security Engineer, Detection and Response, is a key member of the Detection & Response team, responsible for detecting sophisticated and targeted attacks and for reducing dwell time to limit the impact of security incidents. Efficient time management is essential to deliver results in the face of uncertainty and to proactively share knowledge across the BCBS community.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact.
Responsibilities include the following:
* Managing incidents escalated from the Security Operations Center (SOC).
* Performing in-depth triage, analysis, and remediation of security incidents.
* Handling and analyzing forensic artifacts.
* Deconstructing malware and performing impact analyses.
* Creating robust, tested, and well-documented processes.
Responsibilities include but are not limited to:
* Support security incidents in the corporate environment that were not mitigated through first-tier operational activities (e.g., by the MSSP). Provide oversight of the identification, containment, and remediation of a security incident, including forensic analysis and malware reverse engineering.
* Perform in-depth response analysis, such as log and PCAP analysis, and coordinate incident response with constituents.
* Support investigative activities that involve electronic data. Work closely with other risk management functions, Legal, and HR to support corporate investigations. Ensure that forensic evidence is preserved and can be used in legal proceedings if necessary.
* Provide hands-on malware reverse engineering support (malware and implant analysis).
Required Basic Qualifications:
* BS degree in Computer Science, MIS, Computer Engineering or equivalent work experience.
* 2 years' experience, with a minimum of 1 year in one or more of the following: incident response, application security, network security, security operations, security monitoring, or security-focused systems engineering.
* Minimum of one year of scripting or programming experience in Ruby, Python, shell/Bash scripting, Java, C/C++, Perl, or other languages.
* Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and application security.
* Excellent written and oral communication skills.
* Strong sense of ownership, urgency, and drive.
* Sharp analytical abilities.
* Security-related certifications such as OSCP, CEH, or GIAC certifications (GCIH, GCFA, GCIA, GPEN, GNFA, GCUX).
* Advanced-level understanding of at least one core area of information security.
* Experience with incident response (IR), SIEM, threat intelligence, and forensics tooling.
* Experience with red teams or CTF (Capture The Flag).
* Experience with reverse engineering.
* Experience in automation of tasks through scripting or programming.
* Well-rounded background in host, database, network, and application security, with deep experience in at least one domain.
* Deep familiarity with standard Internet protocols and packet analysis (e.g., Ethernet, ARP, IP, ICMP, UDP, TCP, SSL/TLS, DNS, HTTP).
Equal Opportunity Employer
Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics.