Lead Engineer, Information Security (DFIR) - Charlotte, NC
GXO Logistics
GXO is creating game-changing opportunities with our ever-evolving logistics and supply chain management. Learn more about our innovative approach at gxo.com.
At GXO, we’re constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you’ll have the support to excel at work and the resources to build a career you can be proud of.
As the Lead Engineer, Information Security (DFIR), you will be responsible for performing, facilitating, and documenting the complex analysis, development, and testing of security methodologies and technologies. You’ll utilize your knowledge and experience with incident response, threat analysis, governance, risk management, and compliance to help keep our operations running smoothly. Become a part of our rapidly growing global team and we'll help you develop your career to a level that will exceed your expectations.
Pay, benefits and more:
We are eager to attract the best, so we offer competitive compensation and a generous benefits package, including full health insurance (medical, dental, and vision), 401(k), life insurance, disability, and more.
What you’ll do on a typical day:
- Serve as part of the CIRT (Cyber Incident Response Team) as an Incident Commander, working with other members of the core incident response team and stakeholders throughout the incident response lifecycle.
- Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes the ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
- Form and articulate expert opinions based on analysis.
- Investigate instances of malicious code and documents to determine attack vectors and payloads.
- Gather and utilize threat intelligence to lead relevant hunt missions across the enterprise, working directly with the Cybersecurity Operations Center (CSOC).
- Develop and produce reports on breaking cyberthreat news and disseminate to appropriate teams to maintain appropriate levels of situational awareness.
- Analyze threat actor profiles and track threat groups and their associated indicators of compromise and tactics, techniques, and procedures to drive hunting, detection, and prevention efforts.
- Support other DFIR Engineers in triage and response to security alerts and perform root cause analysis.
What you need to succeed at GXO:
At a minimum, you’ll need:
- Bachelor’s degree in a Cyber-related field or equivalent work or military experience.
- Minimum 5 years of related incident response or cyber threat hunting/intelligence experience.
- Familiarity with intrusion detection methodologies and techniques for detecting host and network-based intrusions; incident response and handling methodologies.
- Experience in understanding and utilizing the incident response lifecycle.
- Advanced incident response skills to include host-based forensics, memory forensics, network forensics, packet capture analysis, and static/dynamic malware analysis.
- Knowledge of the corporate cybersecurity threat landscape, cyber threats and vulnerabilities, system and application security threats and vulnerabilities, and tactics and targets of Nation State actors and APTs.
- Demonstrated experience with data analysis, documentation, and reporting.
- Experience working with EDR platforms (i.e., CrowdStrike, SentinelOne, Microsoft Defender).
It’d be great if you also have:
- GCFA, GNFA, GREM, GHTI or other industry-relevant certification(s).
- Familiarity with Cloud structure and security monitoring capabilities for GCP, AWS, Azure, and O365.
- Experience with open-source and commercial forensic tools.
- Strong problem-solving, networking, and team-building skills.
- Experience working with SIEM technologies (i.e., Splunk, Chronicle, Sentinel), to include log source discovery, collection, validation, and custom content creation (rules & dashboards).
- Ability to work independently and with limited supervision to achieve assigned goals and objectives.
- Ability to multitask in a fast-paced, high-pressure environment.
- Experience with performing eDiscovery collections.
We engineer faster, smarter, leaner supply chains. GXO is a leading provider of cutting-edge supply chain solutions to the most successful companies in the world. We help our customers manage their goods most efficiently using our technology and services. Our greatest strength is our global team – energetic, innovative people of all experience levels and talents who make GXO a great place to work.
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran, or other protected status.
GXO adheres to CDC, OSHA, and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.
All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.
#J-18808-Ljbffr