
Full Time Job

Principal Cyber Incident Response Engineer

Sony Music

New York, NY 10-04-2021
 
  • Paid
  • Full Time
  • Mid (2-5 years) Experience
Job Description
Sony Music Entertainment (SME) is looking for a Principal Cyber Incident Response Engineer to join the Global Information Security team. This position will play a vital role to help protect SME by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support.

What you'll do:
• Respond to security events and incidents, and coordinate a cohesive response involving multiple teams across SME
• Perform host and/or network-based forensics across Windows, Mac, and Linux platforms, log analysis, and malware triage in support of incident
• Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
• Triage data of anomalous events collected by SIEM, EDR and User Behavior Analytics (UBA) to decipher underlying trends or uncover anomalies and discern obscure patterns and attributes of potential threat activities
• Build scripts, tools, or methodologies to enhance incident investigation processes
• Develop detection rules to alert on and identify malicious, suspicious, and anomalous activity
• Collaborate with both technical and non-technical teams to integrate security controls and procedures into multifaceted workflows in all forms of enterprise networks.
• Perform data analysis to identify gaps and areas of improvement to assist in detecting indicators prior to compromise.
• Monitor external threat intelligence sources to track and report on attack campaigns external to SME.
• Engage in threat intelligence curation and IOC implementation, transitioning identified behaviors to threat hunts, and codifying high-fidelity behaviors into multi-technology signatures.

Who you are:
• BS in Computer Science or any engineering discipline, or at least 4 years of comparable industry experience
• You have 4 to 6 years of hands-on technical experience in cybersecurity IR and SOC
• Must have strong knowledge and 2-3 years of hands-on experience with endpoint security technologies like FireEye, CrowdStrike, Windows Defender EDR
• Knowledge of network protocols such as TCP/IP, DHCP, DNS, and directory services; this includes analytic tool sets (e.g. Wireshark, Fiddler, etc.) and network file types (e.g. .har, .pcap, etc.).
• Hands-on experience in at least 3 of the following areas: network engineering, infrastructure management, desktop management, tier 2/3 help desk, server administration, email administration, or cloud administration.
• Can create simple PowerShell, Bash, or Python scripts to automate cybersecurity functions and provide reports, where required. This includes appropriate API use against regular production services.
• Create and maintain documented processes that can be translated into automated run books to cover ongoing cybersecurity operations.
• You have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems. Have experience in the cybersecurity life cycle of Protection, Detection & Response and understand Incident Response PICERL.

What we give you:
• You join an inclusive, collaborative and global community where you have the opportunity to fuel the creative journey
• A modern office environment designed to foster productivity, creativity, and teamwork
• An attractive and comprehensive benefits package including medical, dental, vision, life & disability coverage, and 401K + employer matching
• Voluntary benefits like company-paid identity theft protection and resources for pets, mental health and meditation resources, industry-leading fertility coverage, fully paid leave for childbirth or bonding, fully paid leave for caregivers, programs for loved ones with developmental disabilities and neurodiversity, subsidized back-up child and elder care, and reimbursement for adoption, surrogacy, tuition and student loans
• We invest in your professional growth & development
• Time off for a winter recess

Jobcode: Reference SBJ-dyk6n0-18-226-166-214-42 in your application.