Security Engineer - Incident Response

Atlanta, GA - Remote


JumpCloud

JumpCloud's revolutionary directory unifies device and identity on Windows, Mac, and Linux with cloud based SSO, MDM, MFA, PAM, and more.


All roles at JumpCloud are Remote unless otherwise specified in the Job Description.
About JumpCloud

JumpCloud’s mission is to Make Work Happen®, providing simple, secure access to corporate technology resources from any device, or any location. The JumpCloud Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities and their devices, and to apply conditional access controls based on Zero Trust principles. Since launching in 2012, our global user base has grown to more than 150,000 organizations, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight and Peloton. JumpCloud has raised over $400M from world-class investors including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. Our teams are growing fast, too, and we're looking for talent across engineering, sales, customer success, marketing, product management, and more. Join our team of dedicated, passionate, and creative people who are eager to change the IT industry forever.

JumpCloud is looking for Lead Security Engineers to drive direction for our security organization as we engineer, triage, respond to, and mitigate attacks across JumpCloud products and services. In this position, you will be part of a flexible team responsible for handling security operations. As such, you'll need years of practical security experience in DFIR, and knowledge of best practices for incident handling, security operations, and detecting and responding to attacks. Maybe you have spent time in blue team CTFs or other cyber defense competitions, but you love to be in the fight. You'll be someone JumpCloudians across the company depend on and trust to respond quickly and effectively in a crunch. Your outstanding communication and collaboration skills are essential to working with diverse stakeholders. Most importantly, you will become a critical member of the team responsible for ensuring visibility across JumpCloud products and services and keeping our customers and service partners safe.

About the Role:

The Security Engineer, Incident Response role is responsible for the management and operation of our Security Operations technology, and for related process development and improvement activities, including security breach simulation exercises. This individual will develop JumpCloud's Security program and train and mentor others to perform and manage the daily tasks associated with cyber incidents, investigations, threat intelligence, threat hunting, and simulation exercises as part of Security Operations. This individual will also drive new methods of detection, analysis and enrichment throughout operational security at JumpCloud. Primary responsibilities include investigations, triage and analysis, procedures for gathering, handling, searching, and retrieving centralized log data and digital and physical evidence concerning incidents, and threat hunting exercises. As a SaaS provider, this role should also provide guidance and assistance to the JumpCloud GRC and Vulnerability Management programs, as well as product security. This individual will provide incident response across all JumpCloud capabilities and collaborate with Security Engineering and other business stakeholders across the company in daily security operations, as well as ensuring process continuity, disaster recovery, and business continuity in planned simulation exercises that demonstrate cyber resilience in the event of a cyber-attack or breach. The company's leadership team, and a cross-functional team of skilled engineers from various perspectives, all work with a singular focus of maintaining our customers' trust. You'll be exposed to the reality of how JumpCloud functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in keeping JumpCloud secure and compliant, bringing security to our company's forefront.

Responsibilities and Duties:

  • Execute, develop and document incident handling runbooks and processes for JumpCloud
  • Help define and own standards, processes, and technology to identify, detect, respond to and recover from security incidents and to limit the impact of any such occurrence
  • Prioritize events using existing tools to correlate data for the purpose of reducing false positives and detecting threats
  • Analyze and tune security alerts and interpret events, as well as create new signals based on signatures and behavioral activities
  • Respond to security incidents, lead investigations, and perform forensics on IT systems as necessary
  • Guide/lead mitigation strategies for identified vulnerabilities and threats
  • Design, automate and maintain a portfolio of security alerts, automated actions, and escalation workflows supporting a high-performing 24/7 incident response capability
  • Conduct threat hunting activities, anticipate future threats and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors
  • Assist with implementation of counter-measures or mitigating controls
  • Develop and maintain security capabilities in public cloud environments
  • Prepare incident reports of analysis methodology and results
  • Recognize potential, successful, and unsuccessful intrusion attempts and potential compromises through thorough reviews and analyses of relevant event detail and summary information
  • Partner with key stakeholders and communicate effectively to continuously improve the feedback loop of preparation, identification, analysis, containment, and post mortem activities
  • Develop monthly reporting dashboards and metrics on incidents and response capabilities
  • Prepare executive summaries and conduct briefings on significant investigations
  • Develop the security event simulation program and conduct security event tabletop exercises

Qualifications and Skills:

  • Expertise in building and operating security information/event management systems (SIEM), centralized logging, and enrichment solutions (Endpoint protection/detection, Network telemetry data, ELK, Splunk, Snowflake, AWS services, HR systems, codebase infrastructure, build infrastructure).
  • Practical experience working with cloud technologies; ability to build and deploy a solution using Terraform.
  • Experience with building and deploying solutions (Ansible / Terraform / CloudFormation / CI/CD pipelines)
  • Competency in Linux, Windows and macOS
  • Ability to automate workflows via scripting languages; Python and other scripting languages a plus
  • Superb communication skills and capacity; ability to partner effectively with diverse company stakeholders
  • Active and current knowledge of campaign behavior, trending threats, IoCs, TTPs, and mitigation techniques as they apply to blue team operations
  • Competency in integrating threat data and enrichments for higher-value outcomes and behavioral situational awareness
  • Industry certifications such as GCIH, GCIA, CFCE, GFCA and/or GCFE a plus

Personal Characteristics:

  • Views security as an enabler, not an inhibitor to innovation.
  • Ownership and Accountability
  • Autonomy
  • High Level of Integrity
  • Clear Communication
  • Creative Problem Solver
  • Passionate about Security

In accordance with the Colorado Equal Pay for Equal Work Act, the approximate annual compensation range for this role, depending on individual candidate level and experience, is $130,000 to $175,000, including base salary and any related bonuses or commissions. JumpCloud provides a comprehensive benefits package, with several medical plans to choose from including a high deductible HSA plan with employer contribution, two dental plans, vision insurance, flexible spending account (FSA), employee assistance program (EAP), short- and long-term disability, life insurance and a 401k savings plan with match. We have an unlimited vacation policy.

Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.

For US Roles: All roles posted in United States locations do require that you be located within one of the 50 U.S. States. Our Headquarters is in the Denver/Boulder, CO area but as a remote company, you are able to work remotely anywhere in the U.S. If you would like to spend time in the office in the Denver/Boulder area, you are welcome to do that as well.

Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.

One of JumpCloud's three core values is to “Build Connections.” To us that means creating "human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO

Please submit your résumé and a brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.

JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Tags: Ansible AWS Blue team CI/CD Cloud Cyber defense DevOps ELK Forensics GCIA GCIH Incident response Linux MacOS Product security Python SaaS Scripting SIEM Splunk Terraform Threat intelligence TTPs Vulnerabilities Vulnerability management Windows

Perks/benefits: 401(k) matching Career development Flex hours Flexible spending account Flex vacation Health care Insurance Startup environment Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Country: United States
