
Job posting has expired


Principal Incident Response Engineer - Security

CDW
United States, Illinois, Vernon Hills
August 10, 2022

CDW's vision is to be the best national provider of Advanced Technology Solutions. We will achieve this reputation by continuing to delight our customers and being the employer of choice for Advanced Technology Solutions. Principal Consulting Engineers at CDW are smart, hard-working Engineers who enjoy teaming with other Engineers who are among the best and brightest on highly visible, technically challenging projects and offerings. We are looking for high-caliber, well-rounded professionals who are passionate about emerging technology, projects and consulting.

Key Areas of Responsibility



  • Perform and/or lead digital forensics and incident response engagements for customers of all sizes across numerous industries. Typical engagement types include business email compromise, malware intrusion, targeted intrusion and breach, ransomware and unauthorized access.
  • Perform and/or lead preparedness incident response projects in the areas of incident response policy, plan, and playbook development and leading tabletop exercises.
  • Take responsibility for managing projects, including taking ownership of customer communication, coordinating internal resources and planning and executing IR activities.
  • Communicate information security and technology incident topics verbally on both a formal and informal basis to all levels of client staff, ranging from senior executives to user representatives. Deal with client discussions in an unstructured environment and produce high-quality written technical reports and documents.
  • Work independently to manage and execute multiple projects in diverse customer environments, ensure that appropriate management is apprised of project status, bring projects to completion and follow up with customers regarding results.
  • Gain a clear understanding of client environment, identify client needs, and effectively communicate solutions.
  • Develop IT security recommendations as part of IR engagements, including containment and eradication strategy.
  • Develop tools for internal team use. Actively contribute to the maintenance and enhancement of team systems and processes.
  • Develop and complete an education plan to grow your skills consistent with client needs. Assist other team members with their efforts toward this goal.
  • Participate in pre-sales activities, as needed, to demonstrate team competency, explain offerings, and provide guidance about security assessment and penetration testing engagement scope and structure.
  • Conduct research on relevant security topics and develop tools and documentation to assist security team activities.
  • Promote awareness of the team whether by building relationships with internal customers, publishing whitepapers or advisories, participating in marketing materials, or presenting at conferences.


Education and/or Experience Qualifications




  • Bachelor's degree in a technical field such as Computer Science, Information Security, Information Technology or equivalent experience


  • Five years' experience delivering and supporting complex technical cybersecurity solutions or two years of IT consulting



Other Required Qualifications




  • Be able to work on-call rotations that require the ability to travel with short notice


  • Direct role/position with responsibilities for incident response, including investigative analysis, containment and eradication strategy development. Direct experience with the use of incident response and forensic tools and processes. Experience developing technical security reports.


  • Familiarity with one or more of the following compliance frameworks and standards: NIST SP 800-53, NIST CSF, DFARS/NIST SP 800-171, ISO/IEC 27000, HIPAA, PCI, SOX


  • Ability to work weekends and/or off hours as necessary to meet clients' needs


  • Ability to effectively communicate with clients


  • Strong written and verbal communication skills with the ability to effectively interact with all stakeholders


  • Proven ability to maintain and create technical documentation for enterprise-level customers


  • Strong analytical skills with the ability to demonstrate solid attention to detail and a penchant for accuracy


  • History of balancing competing priorities with the ability to adapt to the changing needs of the business while meeting deadlines


  • Ability and willingness to travel up to 50% or as needed to other CDW locations or client sites


  • Industry certification either GCIH or OSCP, or equivalent certification



Preferred Qualifications




  • In-depth understanding of security architectures, common security services/products such as firewalls, endpoint security, SIEM, network security monitoring, and PIM/PAM products


  • In-depth understanding of root causes of malware infections and proactive mitigation


  • In-depth understanding of common lateral movement, footholds, and data exfiltration techniques, tactics, and procedures utilized by attack groups


  • Experience using various incident response and digital forensic tools (e.g., KAPE, CyLR, Plaso, SIFT, Magnet AXIOM, X-Ways, F-Response, IDA Pro, Carbon Black Threat Hunter/Response, CrowdStrike Falcon, VirusTotal, DomainTools)


  • Experience with Microsoft Windows Operating Systems (e.g., Windows 10, 2012, 2016)


  • Experience with cloud SaaS offerings such as Office 365 and G-Suite


  • Experience with programming tools such as Python and PowerShell, and the ability to develop scripts with scripting languages/tools


  • Experience analyzing operating system log files, firewall logs, and intrusion detection systems logs to identify possible threats to network security, and to perform command and control and data exfiltration analysis in response to incidents.




COVID-19 Update:

CDW is committed to maintaining a workplace that is free of known hazards and to ensuring the safety, health, and well-being of coworkers and candidates for employment and their families, as well as the community.
CDW requires all coworkers be fully vaccinated against COVID-19, with the only exceptions being a documented, legally required medical or religious accommodation. Prior to starting with CDW, successful candidates will be required to: (i) be fully vaccinated against COVID-19 and provide CDW with proof of full vaccination; or (ii) apply for and receive a medical or religious-based accommodation to be exempt from the mandatory vaccination policy.
