IR/Threat Engineer

TeleSign is a cloud communications company that is redefining the way the largest brands in the world protect, connect, and engage with their users. With an innovative suite of APIs, enhanced by data intelligence and Machine Learning, TeleSign delivers communication, verification and Mobile Identity solutions that have been used by almost everyone around the world. In business for more than a decade, profitable and located in the heart of Silicon Beach with panoramic views of the ocean and Hollywood sign, there is no better place to evolve and grow your career.

Telesign is hiring a Digital Forensic Incident Response and Threat Hunting who will provide technical oversight in Digital Forensic Incident Response to a small IR-focused team of IR responders while performing work on high profile cases. You will be on the frontlines of investigating attacks against a global organization while performing deep forensic analysis to uncover attack vectors, TTPs, and more. Additionally, you will have the opportunity to help mentor and grow other team members in different analysis specialties in the area of Incident Response and treat hunting.

Responsibilities of the Digital Forensic Incident Response and Threat Hunting:

• Maintain Security Incident Response Plan
• Build incident playbooks for various incident and provide responses
• Review and update policies, SOPs, capabilities, ensuring SOC meets IR operational requirements
• Perform forensic analysis of Windows and Linux systems to identify compromise artifacts
• Build sandbox/test lab environments to evaluate malicious code
• Manage SIEM correlated investigation rules and policies
• Train and mentor team members
• Report directly to and communicate regularly with the senior management
• Develop Root Cause and Corrective Action Reports, Inform stakeholders through regular communication
• Partner with key internal stakeholders including Legal, Compliance, HR, and others to ensure our mutual needs are planned and prepared for
• Plan, coordinate and participate in incident response exercises to assess our preparedness
• Establish, implement, and optimize service metrics in order to identify inefficiencies as well as demonstrate maturity
• Exercises practical threat hunting in a diverse technical environment
• Develops tactics techniques and procedures for the effective collection, analysis, and dissemination of intelligence, and external and internal threats through hunting activities

Requirements for the Digital Forensic Incident Response and Threat Hunting Lead:

• Bachelors degree or equivalent experience (masters preferred)
• 5+ years of experience in information security, 5+ years of incident response
• Experience recruiting, developing, training IR and threat analysts (preferred)
• Security certification such as CISSP (or similar) highly preferred.
• 2+ years of endpoint or network forensics.
• Understanding of the current cyber threat landscape, the different tactics commonly used by adversaries, and how you would investigate, contain, and recover against their attacks
• Effective communication skills. The candidate must be able to adopt their communication styles to communicate across a variety of audiences including senior management, technical, and business-focused customers.
• Experience with IR investigations within Cloud environments such as AWS.
• Experience with SIEM, SOAR, and EDR/NDR Solutions.
• Strong Critical Thinker & Problem Solver.
• Working knowledge of NIST Cybersecurity and MITRE ATT & CK frameworks.
• English is a must.

About Telesign:

Telesign connects and protects online experiences with sophisticated customer identity and engagement solutions. Through APIs that deliver user verification, data insights, and communications we solve today’s unique customer challenges by bridging businesses to the complex world of global telecommunications.Telesign is proud to be an equal opportunity employer. We believe our differences help us create a better workplace, a better product, and a better community. We do not discriminate on the basis of race, color, ancestry, religion, national origin, marital status, pregnancy, sex, sexual orientation, gender, gender identity or expression, age, genetic information, disability, military or veteran status, or any other basis protected by federal, state or local law, ordinance or regulation.Telesign also participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.Telesign is an Affirmative Action Employer and as part of the commitment to AAP, it will seek to ensure affirmative action to provide equality of opportunity in all aspects of employment, and that all personnel activities, such as the recruitment selection, training, compensation, benefits, discipline, promotion, transfer, layoff and termination processes remain free of illegal discrimination and harassment based on protected characteristics.

NOTICE TO ALL POTENTIAL JOB CANDIDATES
We recently have become aware of individuals, unaffiliated with Telesign Corporation, who have been sending out fake employment offers using a name similar to ours, in an apparent attempt to defraud would-be job candidates. In a recent example, a scam email was sent from the @outlook.com domain. All emails sent on behalf of Telesign will come from email addresses ending in @telesign.com.
Please be advised that Telesign Corporation does not solicit candidates for employment via email - nor do we require or ask for fees or payments during any phase of the recruitment or hiring process. If any person solicits financial information, fees, or payments from you as part of the "recruitment process" or as part of a purported employment offer, you should assume that the communication is not from Telesign Corporation and is not sanctioned or approved by our Company.
If you have received one these offers or believe you have been the victim of fraudulent activity via the internet, we would appreciate you filing a complaint with the Internet Crime Complaint Center at the link below:
http://www.ic3.gov/default.aspx