Principal Incident Responder
USA - Arizona, Tempe
Applications have closed
Gen
Gen is a global leader in cybersecurity. Explore our trusted consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.
About Gen:
Gen is a global company powering Digital Freedom through consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Our combined heritage is rooted in providing safety for the first digital generations. We bring leading technology solutions in cybersecurity, privacy and identity protection to more than 500 million users in 150 countries so they can live their digital lives safely, privately, and confidently today and for generations to come. We're always looking for smart, fearless, and dedicated people. Together, we have collective passion and a big vision to power Digital Freedom by protecting consumers and giving them control of their digital lives.
Gen has a dynamic, supportive culture with core values that celebrate diversity, promote teamwork, and encourage every team member to contribute and grow—join us!
About the Role:
Lead Principal Incident Responder - Main lead for US Time zone
Location - the position is hybrid, so the person will need to be within commuting distance of our offices in either Tempe/Plano; being in the office 2-3 times per week is expected.
As members of the Security Operations sub-department, the Incident Response Team detects, manages, and remediates security incidents across Gendigital. Members of the Incident Response (IR) Team are the firefighters of Gen’s Security department. The IR team works to create and maintain a safe and secure operating environment for the organization and its customers and responds to active security incidents. As an Incident Responder on the IR team, you will build and maintain the tools we use to detect and respond to emerging threats in efficient and scalable ways, respond to security incidents and drive them to resolution, and develop and deploy preventative security measures for Gen’s organization, Gendigital.com, and its subsidiaries. Successful Incident Responders thrive in high-stress environments, can think like both an attacker and a defender, engage with and mentor more junior team members, and help come up with proactive and preventative security measures to keep Gen and its users’ data safe in an ever-changing threat landscape.
What you will do in the role:
- Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
- Monitor and analyze emerging threats, vulnerabilities, and exploits.
- Develop and implement scalable preventative security measures (detection, monitoring, exploitation)
- Incorporate current security trends, advisories, publications, and academic research.
- Communicate risks and mitigations across multiple audiences.
- Ability to use Splunk, TheHive/Cortex and other Security Automation tools.
- Experience with designing and implementing processes and tools to improve incident handling and resolution.
- Technical knowledge of systems in a multi-tenant, multi-cloud environment.
- Proficiency in communicating over a text-based medium (Teams, Email) and succinctly documenting technical details.
- Willingness to be part of the Security Operations On-Call rotation.
- Share our values, and work in accordance with those values.
- Extends Incident Responder responsibilities, plus,
- Collaborate with other teams both inside and outside security on broad security topics.
- Detect and independently respond to security incidents across the organization.
- Conduct proactive threat hunting based on threat intel.
- Perform forensic analysis of infected hosts independently.
- Analyze network traffic and identify attacker activity.
- Mentor other members of the Incident Response Team
- Build and maintain scalable log ingestion and analytics platforms and tooling.
- Perform root cause analysis (RCA) and incident reviews.
Sr. Incident Responder Requirements
- 5+ years of demonstrated experience in web or cloud security engineering, log aggregation, and/or penetration testing.
- A minimum of 2 years’ experience working with incident response.
- Excellent written and verbal communication skills.
- Deep technical knowledge of systems in a multi-tenant, cloud environment
- Profound knowledge of the Linux operating system and common OS monitoring practices
- Capability to build working relationships with key stakeholders.
- Willingness to be part of the Security Operations On-Call rotation.
- Experience with operating system internals and hardening, web application and browser security, and monitoring and intrusion detection
Gen is proud to be an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible environment for all employees. All employment decisions are based on merit, experience, and business needs, without regard to race, color, national origin, age, religion, sex, pregnancy (including childbirth or related medical conditions), genetic information, disability (physical or mental), medical condition, marital status, sexual orientation, gender identity or gender expression, military or veteran status, or any other consideration made unlawful by federal, state, or local law. Gen strictly prohibits unlawful discrimination based on such protected characteristics and seeks to recruit the most talented candidates from diverse cultures and backgrounds.
We also consider employment-qualified individuals with arrest and conviction records. In addition, we will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Learn more about pay transparency.
Gen complies with all anti-discrimination laws.
To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.
Tags: Analytics Automation Cloud Exploits Incident response Intrusion detection Linux Monitoring Pentesting Privacy Splunk Vulnerabilities
Perks/benefits: Career development