Senior Detect & Respond Engineer

Role Purpose:

Security is paramount to the success of our business. This role helps protect our information and products, by driving our detect and respond initiatives and driving a culture of positive cybersecurity into the heart of our business.

Role Value:

Having the highest levels of security and compliance are essential to Jumio’s business. By setting and achieving the highest standards this role has a direct impact on the integrity of our business, our customers’ confidence and, ultimately, the continued growth and success of the company.

Responsibilities:

• Perform deeper log analysis, network traffic analysis on a regular basis.
• Provide support for daily monitoring of security events, responding to alerts, and tracking incidents.
• Perform incident triage in support of the overall investigation, by determining scope, urgency and potential impact including identifying the specific vulnerability, attack vector and recommending remediation actions.
• Support the design and deployment of cloud native security monitoring capabilities.
• Create event dashboards, metrics and establish threshold standards.
• Provide high-quality security monitoring KPI and KRI statistics and reports on a regular basis.
• Create and maintain Cyber Security Incident Response documentation, including playbooks, runbooks, policies, processes and procedures.
• Definition of use cases that can be automated for incident response workflows.
• Work closely with external threat intelligence teams and consume threat feeds on a regular basis, triage and proactive responses to threats of interest.
• Maintain strong relationships with all interested parties that affect the security posture of the company and incident handling escalation touchpoints.
• Supports security crisis response simulations, and follow on improvements.
• Empower and educate our people through security and cultural innovation.
• Drive the culture of positive cybersecurity into the heart of our business.

Experience and Qualifications:

• Proven commercial experience in a detect and response capacity and influencing positive change in a diverse IT landscape including cloud as well as on-prem, external web services and end user endpoints
• Cloud Security and Posture Monitoring (CrowdStrike)
• Experience in Terraform, Kubernetes, Docker and CI/CD.
• Familiarity with Python scripting for development of SIEM (Panther) detections and internal automation tools
• Experience in monitoring tools like Prometheus, Grafana, Datadog
• Familiarity with AWS, Linux and Suricata IDS
• A strong awareness of the MITRE ATT&CK Framework
• Working with global information security frameworks and standards like PCI DSS, ISO 27001, SOC2, CSF 2.0
• Developing successful global security operations processes
• Security incident management (including Critical Incident Management), and application security best practices
• Experience of threat monitoring and management in cloud environments - AWS preferred
• Experience of successfully dealing with Advanced Persistent Threats (APT), cybercriminals, malware, and targeted phishing
• CISM, CEH, CISSP or GIAC Cyber Defence certifications a plus
• Excellent analytical, conceptual and communications skills in spoken and written English
• Fast learner, high capacity for abstract thinking and structured approach to work plus a hands-on mentality and an international mindset

Key Characteristics and Attitudes: