
TIMG is a company that aims to give entrepreneurs tools in the countries that are most hostile to entrepreneurship in the world. We seek to deliver knowledge and tools for building businesses. We define ourselves as an incubator of tools; today we have operations in Chile, Peru and China, and we will keep adding countries. Our working style gives you a high degree of freedom to create and take on challenges, our culture seeks to empower people to make decisions and develop their leadership, and we aim to build a great team of good people: be a good person.

Job functions

As our Cyber Security Incident Response Lead (CSIRT), you will be part of our special forces within the Blue Team. This role is 100% remote. You must have a calm and collected manner in high-pressure and time-sensitive situations, think like both an attacker and a defender, and work with the relevant teams to take the right and timely actions to analyze, respond to and neutralize attacks.

The Senior Engineering Lead position requires experienced CSIRT personnel who have expert working knowledge of IR, investigation and hunting techniques, root-causing security flaws and vulnerabilities, quickly assessing potential cyber threats, and educating other members of the broader team. Security Engineers are also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security

Key Responsibilities:

  • Monitoring, identification of and response to cyber security incidents
  • Cyber security investigation at the network, endpoint and cloud levels
  • Host-based analysis and network packet capture/traffic analysis
  • SIEM rule development and fine-tuning to detect security incidents and anomalies
  • Conduct research and analysis on local and worldwide cyber threat streams targeting TIMG
  • Lead the CSIRT team and cyber investigations

Job requirements

Qualifications:

  • Successfully respond to and investigate security incidents (live or post mortem) down to root-cause level (either in a lead or a support role in the follow-the-sun delivery model)
  • As an outcome of investigations, provide recommendations for building secure infrastructure that prevents future attacks using similar TTPs. This requires a deep understanding of information security fundamentals, including endpoint protection, network topology, segmentation, switching and routing, and web application security.
  • Continuously assist the SOC in developing and fine-tuning rule sets to identify threats and incidents while minimizing false positives.

Preferred

  • 7+ years of experience in information security, with at least 3 years in cyber incident response or digital investigations
  • Experienced in driving the change (organizational, cultural and process) needed to respond to current and emerging threats
  • Working knowledge of delivering the complete CTI (Cyber Threat Intelligence) lifecycle
  • Working knowledge of host-based security investigation (Windows, Linux, network/security appliances)
  • Working knowledge of operating SIEM and CTI (Cyber Threat Intelligence) solutions and developing use cases
  • Current understanding of network traffic/packet analysis and forensics
  • Current understanding of operating IPS/IDS, network monitoring solutions, and NetFlow collectors and analyzers
  • Current understanding of operating EDR (Endpoint Detection and Response) systems and tools such as CarbonBlack, CrowdStrike, EnCase EDR, FTK, Volatility memory forensics, etc.
  • Knowledge of application security, such as web applications, mobile app traffic, etc.
  • BS degree or equivalent practical experience
  • Self-motivated

Languages:

  • The primary working language across the whole network is Spanish (English and other languages are a bonus)
  • Certified in one or more of the following: CISSP, CISA, CCNA, CISM, SANS GIAC
  • Knowledge of cloud service practices and principles (e.g. AWS, GCP, DO)
  • Knowledge of web services (HTTP, HTML, AWS, REST, SOAP)
  • Experienced in automation and scripting (Linux shell, Python, Perl, PowerShell)
  • Experienced in developing with log search tools (ELK, Splunk) and TSDBs (time series databases)
  • Knowledge of DevOps and Agile practices and principles
  • Working knowledge of the intelligence lifecycle and the current cyber threat landscape
  • Understanding of major threats and threat actors and their relevance to the eCommerce industry

Conditions

If you want to be part of a highly skilled team while we build a highly disruptive company that cooperates with hundreds of entrepreneurs, apply and be challenged and rewarded for your effort. We offer highly competitive benefits and salaries according to experience. We have a flexible-hours policy, fully remote work, additional vacation days, and other benefits and activities.

Fully remote: You can work from anywhere in the world.
Flexible hours: Flexible schedule and freedom to attend to family needs or personal errands.
Performance bonus: Extra compensation is offered upon meeting performance goals.
Informal dress code: No dress code is enforced.
Vacation over legal: TIMG gives you paid vacations over the legal minimum.

Remote work policy

Fully remote

Candidates can reside anywhere in the world.