Security Engineer - Incident Response

Job Description

Security Engineer (Incident Response) at JumpCloud

Louisville/Denver, CO and Remote in the U.S.

JumpCloud is looking for a Security Engineer focusing on Incident Response to monitor and mitigate attacks across JumpCloud's products and services. In this position, you will be a part of a flexible team responsible for handling security incidents. As such, you'll need to have years of practical security experience and knowledge of state of the art for detecting and responding to attacks. You'll be someone JumpCloudians across the company depend on and trust to respond quickly and effectively in a crunch. The outstanding communication and collaboration skills needed to work in partnership with diverse stakeholders. Most importantly, you will become a critical member of the team responsible for ensuring JumpCloud products' integrity and keeping JumpCloud users safe.

About the Role:

The Information Security Incident Response Lead is responsible for the management, operation, and direction of the incident response program, related process development, and improvement activities, including security breach simulation exercises. This individual will develop JumpCloud's Incident Response program and train and mentor others to perform and manage daily tasks associated with cyber incidents, investigations, threat intelligence, threat hunting, and simulation exercises. This individual will also drive new solutions, deployments, and procedures for gathering, handling, searching and retrieving digital and physical evidence concerning incidents. Ensure that forensically sound practices are documented. Provide guidance and assistance to JumpCloud GRC and Vulnerability Management program. This individual will coordinate processes and collaborate with technology incident management, business continuity, disaster recovery, public cloud, and product teams to ensure process continuity in planned simulation exercises to demonstrate cyber resilience in the event of a cyber-attack or breach.

You'll be backed by JumpCloud's Manager of Security and Director of Cloud Operations, the company's leadership team, and a cross-functional team of skilled engineers from various perspectives, all working with a singular focus of maintaining our customer's trust. You'll be exposed to the reality of how JumpCloud functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in helping keep JumpCloud secure and compliant, bringing security.

Responsibilities/Duties:

• Lead the Security Incident Response Team (SIRT) to employ strategy, standards, processes, and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence
• Lead active investigations, respond to security incidents and perform forensics on IT systems.
• Guide/lead mitigation strategies for identified vulnerabilities and threats
• Design and maintain a portfolio of security alerts, automated actions, and escalation workflows supporting a high-performing 24/7 incident response capability.
• Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors.
• Partner with key stakeholders and communicate effectively to continuously improve the feedback loop of preparation, identification, analysis, containment, and post mortem activities.
• Assist with implementation of counter-measures or mitigating controls
• Prepare incident reports of analysis methodology and results.
• Develop and maintain Incident Response capabilities in public cloud environments
• Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Develop monthly reporting dashboards and metrics on incidents and response capabilities
• Prepare executive summaries and conduct briefings on significant investigations.
• Execute, develop and document incident handling guides and processes
• Analyze and tune security alerts and interpret events, as well as create new signals based on signatures and behavioral activities
• Developing the security event simulation program and conduct security event tabletop exercises
• Prioritizes events using existing tools to correlate data for the purpose of reducing false positives and detecting threats

Qualifications And Skills

• Expertise with information/event management systems, centralized logging, and enrichment solutions(OSQuery, ELK, Splunk, AWS Lambda).
• Practical experience working with cloud technologies; ability to build and deploy a solution using Terraform.
• Experience with building and deploying solutions (Puppet / Chef / Ansible, Terraform, Jenkins)
• Competency in Linux OS.
• Superb communication and leadership capacity; ability to partner effectively with diverse company stakeholders.
• Basic knowledge of APT, Cyber Crime, and other associated tactics
• Experience with current cyber threats and the related tactics, techniques, and procedures used to exploit computer networks

Personal Characteristics

• Views security as an enabler, not an inhibitor to innovation.
• Ownership and Accountability
• Autonomy
• High Level of Integrity
• Clear Communication
• Creative Problem Solver
• Passionate about Security

About JumpCloud

Do you enjoy solving challenging problems using the latest technologies within a great team? Is knowing your work will be highly visible and mission-critical, a key component of your career next step? At JumpCloud, we're looking for best-in-class talent to help define the future of modern identity and device management from the ground up.

We built a disruptive new technology called Directory-as-a-Service®. It is reinventing a two-decade-old monopoly, giving thousands of organizations across the globe freedom of choice with their IT solutions. We provide companies the ability to remotely manage and control all of their organization's identities, devices, & resources on a single, comprehensive, cloud-based platform. That means doing it better, faster, easier, and more securely by staying on the bleeding edge of technology.

Where you'll be working

We have two offices in Colorado, one in Louisville and one in downtown Denver. Once we reopen offices, you will have the opportunity to work from one of our office locations, flex your time, or remain fully remote (in the U.S.).

Why JumpCloud?

JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you!

Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.