Security Incident Response Engineer
- Denver, CO
- Employees can work remotely
- Position open to remote: Yes
The Square Security team works with other teams at Square to build world-class products for both customers and employees. Our ultimate goal is to ensure that every experience with Square is simple, secure, and safe.
Square’s Detection and Response Team (DART) has two distinct teams; Security Engineering (SecEng) and the Computer Security Incident Response Team (CSIRT). CSIRT consists of three mutually supportive functions to focus its work: Monitoring & Triage, Incident Response (IR), and Signals Development/Threat Intelligence. We enumerate, detect, investigate, and coordinate the response to information security threats to Square through security threat research and intelligent analysis, understanding adversaries’ tools and techniques, proactive threat hunting, vigilant monitoring, and efficient incident response handling. In order to support the company's incredible growth, we’re growing our incident response team. You will report to the Engineering Manager as part of the DART - CSIRT team.
As a Security Incident Response Engineer you will:
- Lead the response to critical incidents, threats, vulnerabilities and bring these issues to resolution coordinating cross-functional teams.
- Demonstrate strong composure while running cases with a balance of urgency and intensity, as well as focus.
- Actively monitor, analyze and correlate activity, evaluate security events, perform research and provide in-depth incident analysis.
- Improve and automate internal capabilities for identifying, investigating, and responding to security events.
- Contribute to the creation and/or refinement of runbooks.
- Lead and participate in IR tabletop exercise to validate existing processes and procedures and to document lessons learned.
- Develop and adjust automations, scripts, and security tool configurations to drive efficiencies and enhance investigations. .
- Hunt for malicious activity and provide a feedback loop to signal development/threat intelligence.
- Keep key stakeholders (both technical and non-technical) informed on details in a clear and concise manner, both written and verbally.
- Create postmortem write-ups and lead postmortem discussions.
- Be part of an on-call rotation.
- 5+ years of experience with incident response and forensics tools.
- Strong security knowledge in at least one of the following domains: AWS, Google Cloud Platform, Linux, macOS.
- Prior experience (1-2 years) with malware analysis, host/network-based forensics, memory forensics, and/or network traffic analysis.
- Prior experience using the MITRE ATT&CK framework to improve security incident detection and response.
- Scripting experience (i.e. Ruby, Python, shell scripting) preferred.
- Experience with open-source forensics tools like OSquery
- Empathy, patience, a desire to learn, and help your teammates grow.
- Excellent written and verbal communication skills, including the ability to communicate technical concepts clearly and effectively.
- Ability to operate independently and in a team environment in a geographically dispersed team.
At Square, we want you to be well and thrive. Our global benefits package includes:
- Healthcare coverage
- Retirement Plans
- Employee Stock Purchase Program
- Wellness perks
- Paid parental leave
- Paid time off
- Learning and Development resources