The Cybersecurity Threat Intelligence and Response Team is seeking a candidate to support GEICO's cybersecurity threat intelligence, incident response, and computer forensic investigation activities. The successful candidate will fill a position in GEICO's Cybersecurity division and will play an important role in the protection of GEICO from threats to the confidentiality, integrity, and availability of GEICO's information systems.
Both IT and non-IT associates are eligible to post. IT associates from a regional office can be considered, however, if a non-IT associate in a location other than Plaza is selected, he/she must be willing to relocate at his/her own expense to the Plaza. If the candidate is a current IT associate in the R1 office AND has a current desk, the position may be eligible to be filled in R1. Grade will be based on experience and qualifications. Any relocation waiver is subject to profit center management approval.
The candidate should have at least 1 year of successful experience in Incident Response, Computer Forensics, or related investigatory positions (e.g., criminal, fraud, etc.).
- Conduct incident response activities, including advanced investigation (forensic, malware analysis, root cause analysis etc.) to investigate potential intrusions, security incidents, and perform remediation.
- Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time.
- Identify, respond, and mitigate sophisticated threats to GEICO computer networks, IT infrastructure and information systems.
- Analyze and understand incident response processes and provide feedback to increase efficiency.
- Lead development and maturation of incident response playbooks.
- Provide 24 x 7 on call support for GEICO's security incident response as needed.
- Respond to security events and requests in a timely manner.
- Maintain a professional communicative relationship with internal departments and management to provide information throughout the incident, problem resolution, and change management cycles.
- Review and comprehend logs and apply use case scenarios in the analysis environment to build better threat detection capabilities.
- Collect and analyze host-based and network-based data using computer network defense, forensic and enterprise security tools.
- Work with different teams to perform computer forensic investigations.
- Work with law enforcement entities when required.
- Process both atomic (IOC) and narrative threat intelligence in a documented, consistent, and informed manner.
- Produce cyberthreat intelligence reports in a timely manner, sharing with various levels of management and outside parties based on risk and filtered content.
- Reduce time-to-detect and time-to-remediate by driving the automation of applied intelligence and sensor enrichment.
- Compare cybersecurity events with intelligence research to determine adversary motive, capability, and intent.
- Support cybersecurity teams with quality research and assistance in solving complex cases.
- Create or modify scripts used to connect to various RESTful APIs.
- Mentor associates in groups and individually.
- Understand complex problems and present them simply in a formal setting.
- Serve as the team Subject Matter Expert (SME) as it pertains to the team's areas of responsibility (threat intelligence, threat hunting, digital forensics, and response).
- Participate in proof of concepts and other technical evaluations of technologies, designs and solutions.
Would you like to join our innovative team? If so, do you meet these qualifications?
Technical Cyber Security Skills:
- Subject matter expertise in security event identification, known threat validation and analysis, and network vulnerability analysis and reporting.
- Demonstrated analytic ability to discover unknown, suspicious or exploitation activity and analyze exploitation opportunities.
- Proven ability to evaluate and recommend information security enhancements, product upgrades, and tools to ensure minimal exposures to security incidents while considering business drivers and efficacy.
- Experience in malware analysis, penetration testing, red team/blue team exercises and forensics.
- Malware analysis/reverse engineering skills.
- Exploit research and development skills.
- Familiarity with PowerShell, Python and other scripting.
- Familiarity with Indicators Of Compromise (IOC).
- Familiarity with Threat Actor Tools, Techniques, and Procedures (TTPs).
- Familiarity with RESTful APIs.
- Ability to work independently and as part of a larger group comprised of different technical and business areas.
- Proficiency with Windows and Linux operating systems.
- Strong understanding of Windows artifact analysis.
- Strong analysis and troubleshooting skills.
- Understanding of malware and different techniques used for detection and prevention.
- Possess strong organizational and project management experience.
- Experience with managing projects from design through implementation.
- Able to draft, interpret and communicate policies, procedures and technical requirements.
- Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
- Must be extremely flexible and able to manage multiple concurrent tasks and priorities.
Preferred Tools Experience:
- Experience and knowledge with Security Information and Event Management (SIEM) systems, including log analysis, anomaly detection, use case content creation, and alert development.
- Experience and knowledge with Zero Day Malware Detection Technologies.
- Experience and knowledge with Digital Forensic and Incident Response tools.
- Experience and knowledge with web content filtering, vulnerability scanning, and endpoint protection tools (antivirus, disk encryption, host intrusion prevention etc.).
- Experience and knowledge with scripting or automation tools.
- Understanding of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), proxies (web and email), and Data Loss Prevention tools.
- Understanding of network analysis tools such as protocol analyzers, LAN/WAN sniffers, packet capture analysis tools.
- BS/MS in Computer Science or a relevant discipline desired.
Security Certification (Desired):
- CompTIA Security+ (Sec+); must be obtained within 6 months if not possessed
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Cyber Threat Intelligence (GCTI)
- CompTIA Cybersecurity Analyst (CySA+); must be obtained within 6 months if not possessed
- Certified Information Systems Security Professional (CISSP)
As the second-largest private passenger auto insurer in the United States, GEICO provides more than 16 million auto policies and insures more than 24 million vehicles.
Profit sharing; tuition reimbursement; associate assistance program; FSA; business casual dress; fitness and dining facilities at most locations; clubs and sports teams; volunteer opportunities.
.NET, C#, PowerShell, Java, Spring, Hibernate, SQL, JSON, Maven, Jenkins, TestNG, Selenium
Phone or video interview with hiring team (may include applicant providing sample work at or prior to interview); onsite or video interview (applicant answers technical questions and speaks to skillset and project work).