PenFed Credit Union
Engineer III, Digital Forensics and Incident Response
At a glance
Location: US-VA-Chantilly Map
Posted: 09/30/2021
Closing: 10/29/2021
Degree: 4 Year Degree
Type: Full-Time
Experience: Not Specified
PenFed Credit Union
Job description

Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members “do better.” Joining PenFed is more than being an employee; it’s about being a part of the PenFed family.

 

PenFed is hiring an Engineer III, Digital Forensics and Incident Response located in Chantilly, Virginia.The purpose of this job is to perform the duties of the PenFed ASIC’s DFIR team lead.  This position will manage security incidents, investigate security risks or incidents within the environment, and act as the lead in handling and responding to all security incidents that are detected PenFed’s enterprise network. 

 

**Work schedule: Monday - Friday 12PM - 8PM EST, rotating on-call, nights and weekends for after-hours emergencies**



Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned. 

  • Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
  • Lead investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified
  • Supervision over the DFIR Incident Handler/Analyst Team
  •  Forensically analyze end user systems and servers found to have possible indicators of compromise
  • Provide engineering and administrative functions for all tools in support of the DFIR mission
  • Complete complex analysis of artifacts collected during a security incident/forensic analysis
  • Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools and partner organizations/technologies
  • Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including obtaining access to systems, digital artifact collection, and containment and/or remediation actions
  • Provide expert consultation and assessment on perceived security threats
  • Maintain, manage, improve and update security incident process and protocol documentation
  • Regularly provide reporting and metrics on case work
  • Provide SME level resolution of security incidents by identifying root cause and solutions
  • Analyze results in investigative matters, and develop fact-based reports



Qualifications

Equivalent combination of education and experience is considered.

  • Bachelor’s Degree in information security / technology or related field, or equivalent combination of education & experience in information security in a large, highly regulated enterprise.
  • Minimum of eight (8) years of work experience the Cyber Security field.
  • Minimum of three (3) years prior Incident Response/ Security Operations Center team lead experience.
  • Minimum of two (2) years prior security analysis experience is required.
  • Knowledge of security response operations, threat identification and forensic analysis software, equipment, and processes required.
  • Proficient technical level of digital forensic and security incident response required
  • Capable of identifying vectors of threats and security incidents, able to remediate or coordinate remediation efforts of a security incident, and develop documentation to support the security incident response process required
  • Demonstrated integrity and judgment within a professional environment
  • Ability to appropriately balance work/personal priorities
  • Experience configuring and managing security systems.
  • Experience configuring and managing UTM devices.
  • Experience using Threat Intelligence Platforms for continuous monitoring.
  • Experience using vulnerability management/scanning tools and obtaining valuable output for senior management.
  • Strong Host based security experience. Ability to leverage Host based security systems to perform proper incident investigations and resolution.
  • Strong filesystem and malware behavioral knowledge. Experience using network and host forensics tools for incident response.
  • Knowledge of the Cyber threat landscape and APT groups.
  • Knowledge of the Cyber Kill Chain and ability to identify incident types and attack lifecycle
  • Knowledge of change management process and experience proposing and presenting changes to the enterprise infrastructure.
     

Supervisory Responsibility

This role will supervise employees

 

Licenses and Certifications

  • Must have at least two (2) certifications in the field of information security from a respectable security organization.  Desirable certifications include, but not limited to:
  • GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP or equivalent Certifications 

Work Environment

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*

 

Travel

Limited travel to various worksites is required.

 

Special Message Regarding COVID 19

PenFed is continuing to hire and train exceptional individuals to help us serve our 2 million members both here and around the world.  In light of the current situation with novel coronavirus (COVID-19), we have modified our hiring, onboarding, training, and deployment protocols in order to comply with current local and state guidance around social distancing.



About Us

Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2 million members and over $26 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico and Okinawa. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.

 

We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.

 

Equal Employment Opportunity

PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.

 

PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 240-224-4256.

 

#LI-TO1

Engineer III, Digital Forensics and Incident Response