The Senior Cybersecurity Engineer is a role within the Liberty Mutual Advanced Cyber Threat Team reporting to the Cyber Security Operations Center. This technical role is responsible for proactively and iteratively hunting for cyber threats. The successful candidate will work at the intersection of Cyber Threat Hunting, Cyber Threat Intelligence, Malware Analysis & Reverse Engineering, and Digital Forensics & Incident Response.
- Identify and track threat actor Tactics, Techniques, and Procedures (TTPs)
- Create Cyber Threat Hunt hypotheses based on TTPs
- Operate and mature an iterative agile Cyber Threat Hunting cycle
- Leverage internal and external data sets and threat intelligence feeds to drive cyber threat hunting initiatives
- Conduct Digital Forensics investigations and Malware Analysis to identify malicious activity and derive Indicators of Compromise (IOCs) and associated detection rules.
- Investigate and report on cyber threat hunt findings, including recommendations to improve security posture across detective and preventive controls
- Conduct Incident Response activities as required based on hunt findings
- Contribute to engineering initiatives to operationalize Cyber Threat Intelligence feeds and API integrations
- Validate security control coverage against identified IOCs based on emerging cyber threat intelligence
- Collaborate with the Offensive Security team to analyze and evaluate the effectiveness of existing security controls against identified TTPs
- Contribute to the creation and dissemination of finished cyber threat intelligence products and briefings
- Participate in and contribute to select Cyber Threat Intelligence sharing communities
- Serve as a Lead Responder on a global cybersecurity incident response team with a periodic on-call requirement
Preparation, Training, and Experience
- Subject matter expertise in at least one of the following areas: Cyber Threat Hunting, Malware Analysis & Reverse Engineering, Cyber Threat Intelligence, Digital Forensics & Incident Response
- College-level degree in Computer Science, Computer Engineering, Information Security, or other related discipline
- Active Cybersecurity certifications are desirable (but not required) such as GCIH, GREM, GCFA, GCTI, OSCP etc. (see list below)
- 5 years of recent experience working as a cybersecurity professional
- Previous experience working in a Cyber Security Operations Center or similar function is desirable
- Knowledge of relevant frameworks, standards, and best practices such as NIST CSF, PCI-DSS, CIS CSCs, MITRE ATT&CK, Cyber Kill Chain etc.
- Experience with using a Security Information Event Management (SIEM) platform
- Experience with using a scripting language such as Python or PowerShell for task automation or tool creation is desirable
- Demonstrable knowledge of several of the following areas: cybersecurity concepts, network protocols, firewalls, IDS/IPS systems, email security, endpoint security, network security, Windows/Linux/macOS systems, cyber threat hunting, malware analysis tools and techniques, cyber threat intelligence, common threat actor TTPs, application security concepts, cloud security fundamentals, Incident Response methodologies.
- Excellent oral and written communication skills.
- SANS/GIAC GCIH, GREM, GCFA, GCTI
- CompTIA Security+, CySA+
- Microsoft Azure or AWS Certifications
- Security Solutions/Tools Certifications
- Bachelor or Master`s degree in technical discipline or equivalent experience
- Generally 5+ years of professional experience
- Industry cybersecurity and/or technology certifications are a plus
- Proficient in new and emerging technologies, IT concepts, strategies and methodologies, as well as security aspects of multiple platforms, operating systems, software, communications and network protocols
- Negotiation skills; oral and written communication skills
- Advanced consultative skills, including the ability to understand and assist in applying customer requirements
- Comfortable with agile working environments to include both SCRUM and KANBAN
- Collaboration, prioritization, and adaptability skills required
- Intermediate proficiency of operational framework capabilities to include dimensional and lateral thinking, architectural analysis, business analysis and financial disciplines, security and compliance, data integration and analysis, and computational thinking
- Advanced proficiency across social networking, application delivery, mobile competency, system and technology integration, and system software infrastructure
- Expert proficiency in workplace adaptability
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a Great Place to Work by Great Place to Work US for the past several years. We were also selected as one of the 100 Best Places to Work in IT on IDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduatesas well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.