
Full Time Job

Sr. Engineer, Detection & Response

Activision

Santa Monica, CA 10-21-2020
 
  • Paid
  • Full Time
Job Description

Your Platform

Activision Blizzard plays a centralized role in the creation of epic entertainment by supporting our interactive gaming brands and studios with a diverse range of career opportunities across corporate functions such as Marketing, Communications, Legal, Human Resources, Finance and Supply Chain. Located in our global headquarters in Santa Monica, we encompass equal parts agility, creativity and rigor to enhance the employee and player experience. To learn more, check us out at www.activisionblizzard.com or on Twitter at @ATVI_AB.

Your Mission

The Sr. Engineer, Detection & Response is a highly technical role: an in-house subject matter expert who diligently assists with the improvement of information security across the organization by understanding the threats it faces. Primary responsibilities include, but are not limited to: intrusion analysis, incident handling, digital forensics, developing thorough incident reports, and technical security research. The engineer will be responsible for leveraging security-related data from internal 'sensors' (e.g. SIEM, firewalls, IDS, routers, proxies, hosts, etc.) and external sources (vendors, industry working groups, law enforcement, etc.) to implement effective mitigations, and for reviewing appropriate data sources for indications of adversarial activity. This role reports into the Global Information Security team and maintains strong relations with all Line of Business technology groups. This person will work closely with a number of key individuals and teams to investigate and forensically examine potentially compromised systems, as well as to identify, alert on, respond to and mitigate information security incidents.

Responsibilities include, but are not limited to: 
• Assists with incident management response and analysis services on behalf of the Information Security function as a primary member of the computer security incident response team (CSIRT), including Tier 1 through 3 analysis for the full scope and lifecycle of incident response (i.e. identification through closure, including post-mortem and lessons learned), following industry-established best practices and in accordance with Company-specific policies and standards
• Respond to emerging threats such as APT and other forms of targeted attacks, organized crime, etc.
• Perform detailed forensic analysis of assets, including logs, malware samples, hard drive images, etc.
• Reconstruct events of a compromise by creating a timeline via correlation of forensic data
• Malware analysis and other attack analysis to extract indicators of compromise.
• Reviewing audit trails for unauthorized access attempts or other information security violations
• Conduct root cause analysis to identify gaps and make recommendations that ultimately remediate risks
• Analyze previously unknown malware utilizing static and dynamic methods to determine its behavior and impact on endpoints as well as build a list of indicators of compromise
• Expectation of off-hours support, responsiveness and availability in response to critical security-related incidents, material developments which could create risk to the Company, known threats, etc.
• Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.
• Some international travel required

Player Profile
• Demonstrated and continued involvement within cyber security-specific communities at any scale (e.g., groups, organizations, conferences) or equivalent activity that seeks to maintain small- and large-scale awareness of major security topics and events
• Demonstrated exceptional passion and drive for cyber security as evidenced by self-driven past accomplishments that had significant positive impact on shareholders or the security community
• Strong host- and network-based forensics skills.
• Effective technical skills to understand the ramifications of various system security recommendations and decisions
• Experience conducting detailed log analysis and correlation
• Hands-on malware analysis experience – dynamic and static
• Good understanding of SIEMs and similar technologies
• Knowledge of industry good practice for foundational security elements including network device and system-level hardening.
• Ability to assess security incidents quickly and effectively and communicate a course of action to respond to the security incident while mitigating risk and limiting the operational and reputational impact
• Excellent oral/written communication, problem solving and analytical skills
• Ability to work independently and as part of a team to achieve desired objectives and project results
• Ability to interface effectively and decisively with all levels of management, departments and outside vendors.
• Ability to identify both tactical and strategic solutions.

Jobcode: Reference SBJ-g36mb9-18-117-70-132-42 in your application.

Company Profile
Activision

Activision Blizzard, Inc. is one of the world's largest and most successful interactive entertainment companies and is at the intersection of media, technology and entertainment.