Lead Engineer, Information Security (DFIR) - Remote

Cumming, GA, US, 30040

GXO Logistics

GXO is creating game-changing opportunities with our ever evolving logistics and supply chain management. Learn more about our innovative approach at gxo.com.

View all jobs at GXO Logistics

Apply now Apply later

 

Logistics at full potential. 

 

At GXO, we’re constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you’ll have the support to excel at work and the resources to build a career you can be proud of.

 

As the Lead Engineer, Information Security (DFIR), you will be responsible for performing, facilitating and documenting the complex analysis, development and testing of security methodologies and technologies. You’ll utilize your knowledge and experience with incident response, threat analysis, governance, risk management and compliance to help keep our operations running smoothly. Become a part of our rapidly growing global team and we'll help you develop your career to a level that will exceed your expectations.

 

Pay, benefits and more:

We are eager to attract the best, so we offer competitive compensation and a generous benefits package, including full health insurance (medical, dental and vision), 401(k), life insurance, disability and more

 

What you’ll do on a typical day:

  • Serve as part of the CIRT (Cyber Incident Response Team) as an Incident Commander, working with other members of the core incident response team and stakeholders throughout the incident response lifecycle.

  • Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.

  • Form and articulate expert opinions based on analysis.

  • Investigate instances of malicious code and documents to determine attack vectors and payloads.

  • Gather and utilize threat intelligence to lead relevant hunt missions across the enterprise, working directly with the Cybersecurity Operations Center (CSOC).  

  • Develop and produce reports on breaking cyberthreat news and disseminate to appropriate teams to maintain appropriate levels of situational awareness.

  • Analyze threat actor profiles and track threat groups and their associated indicators of compromise and tactics, techniques, and procedures to drive hunting, detection, and prevention efforts.

  • Support other DFIR Engineers in triage and response to security alerts and perform root cause analysis.

 

What you need to succeed at GXO:

At a minimum, you’ll need:

  • Bachelor’s degree in Cyber related field or equivalent work or military experience

  • Minimum 5 years of related incident response or cyber threat hunting / intelligence experience

  • Familiarity with intrusion detection methodologies and techniques for detecting host and network-based intrusions; incident response and handling methodologies

  • Experience in understanding and utilizing the incident response lifecycle

  • Advanced incident response skills to include host-based forensics, memory forensics, network forensics, packet capture analysis, and static / dynamic malware analysis

  • Knowledge of the corporate cybersecurity threat landscape, cyber threats and vulnerabilities, system and application security threats and vulnerabilities, and tactics and targets of Nation State actors and APTs

  • Demonstrated experience with data analysis, documentation, and reporting.

  • Experience working with EDR platforms (i.e., CrowdStrike, SentinelOne, Microsoft Defender)

It’d be great if you also have:

  • GCFA, GNFA, GREM, GHTI or other industry-relevant certification(s)

  • Familiarity with Cloud structure and security monitoring capabilities for GCP, AWS, Azure and O365

  • Experience with open source and commercial forensic tools

  • Strong problem-solving, networking, and team-building skills

  • Experience working with SIEM technologies (i.e. Splunk, Chronicle, Sentinel), to include log source discovery, collection, validation, and custom content creation (rules & dashboards)

  • Ability to work independently and with limited supervision to achieve assigned goals and objectives.

  • Ability to multitask in a fast-paced, high-pressure environment.

  • Experience with performing eDiscovery collections

We engineer faster, smarter, leaner supply chains.

 

GXO is a leading provider of cutting-edge supply chain solutions to the most successful companies in the world. We help our customers manage their goods most efficiently using our technology and services. Our greatest strength is our global team – energetic, innovative people of all experience levels and talents who make GXO a great place to work.

 

We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.


GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.

 

All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.

 

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed. Review GXO's candidate privacy statement here. 

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Application security AWS Azure Cloud Compliance Content creation CrowdStrike CSOC DFIR EDR Forensics GCFA GCP GNFA Governance GREM Incident response Intrusion detection Malware Monitoring Open Source Privacy Risk management Sentinel SIEM Splunk Threat intelligence Vulnerabilities

Perks/benefits: Career development Competitive pay Health care Insurance

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.