Job Description
HOW YOU WILL FULFILL YOUR POTENTIAL
As a Security Engineer in GCDI's Threat Management Center, you will be an integral part of a technical team that is responsible for providing the GCDI organization with security sensors and data sets that increase awareness of current and potential Cyber Threats. The ideal candidate should be someone with cyber security experience, hands-on technical skills on Windows, Linux and Network security, along with experience in utilizing security information for detection engineering, live intrusions and triage security events in real-time. You will conduct cyber event and incident response investigations and remediate security gaps using world-class security tooling. You will also have opportunities to automate incident response workflows and remediation activities in order to increase the efficacy of our incident response efforts.
Job Responsibilities
- Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors
- Work at the forefront of designing an innovative threat and security incident management solution
- Coordinate and triage response to cybersecurity events and conduct forensic analysis
- Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
- Perform host-based and network forensic investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs global business network
- Contribute to improve the efficiency of the Security sensors by looking for opportunity to tune the security controls to adjust to the ever-evolving security threat land scape
- Effectively lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination
- Experience in developing use cases based on adversarial tactics, techniques and procedures (TTPs), and tuning event detection rules to optimize detection efficacy
Basic Qualifications
- Strong verbal and written communication skills, capable of clearly conveying complex technical concepts to both technical and non-technical stakeholders.
- Robust analytical and problem-solving abilities, demonstrated by proactively identifying and resolving security challenges, as well as coordinating incident response efforts within a dynamic environment.
- Comprehensive understanding of security frameworks such as MITRE ATT&CK and NIST, along with expertise in threat intelligence, automation strategies, and developing detection logic within SIEM platforms like Splunk, Elastic, and BQL.
- Strong sense of ownership and commitment to managing tasks to completion, including overseeing daily operations and ensuring effective detection and mitigation of threats.
- Proficiency in scripting languages, including advanced skills in Python and PowerShell for developing detection queries and automating security processes.
- Relevant industry certifications, such as GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, or GCFR.
Preferred Qualifications
- Over 7+ years of experience in cybersecurity, including a minimum of 3 years specializing in detection engineering technologies and incident response.
- Managed Security Operations Center (SOC) activities as a shift lead, overseeing daily operations, coordinating incident response efforts, and ensuring effective detection and mitigation of threats within a dynamic environment.
- Proficiency in scripting languages, including Python and PowerShell
- Expertise in developing advanced analytical queries within SIEM platforms such as Splunk, Elastic, and BQL
- Experience crafting queries and detection logic in EDR solutions like Microsoft Defender for Endpoint (MDE) and CrowdStrike Falcon
- Knowledge conducting incident response within a major public cloud (i.e. AWS, Google, Azure)
- At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR
