Staff Information Security Engineer - Incident Response

Company: LinkedIn
Location: Sunnyvale
Posted on: February 20, 2021

Job Description:

LinkedIn was built to help professionals achieve more in their careers, and everyday millions of people use our products to make connections, discover opportunities and gain insights. Our global reach means we get to make a direct impact on the world's workforce in ways no other company can. We are much more than a digital resume we transform lives through innovative products and technology.Creating economic opportunity for every member of the global workforce is a responsibility we all share. To truly transform the global economy, we must evolve the way we hire and enable our talent to serve people of all backgrounds and experiences. LinkedIn is committed to diversity in its workforce and is proud to be an equal opportunity employer.About the teamLinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Staff Incident Response Engineer to be an integral part of our Information Security organization. Our Incident Response team is responsible for protecting our infrastructure, applications, and, most importantly, our members. This role will be responsible for playing a key role in our security monitoring and incident response.The role is a Staff position, coming in with years of real world experience in responding and leading incident investigations, developing playbooks, and continually striving to improve processes and response times. Additionally as a Staff, a successful candidate will help lead the continued improvements, mentor more junior team members, while acting as Incident Commander during large scale incidents. Responsibilities: Manage security incidents as Incident Commander: determining direction of investigations, incident exit criteria, and update cadence. Perform incident investigations as an individual contributor. Conduct host/network, forensics & log analysis in support of incident response investigations Identify attacker tools, tactics, and procedures (TTPs) to develop indicators of compromise Hunt LinkedIn networks for indicators of compromise, looking for evidence of a compromise Preserve and analyse data from diverse set of data sources, including attack patterns and bad actors identified by LinkedIn's data scientists Develop and implement proactive remediation plans to harden LinkedIn's compute environment Work with cross functional teams to contain and remediate security incidents related to breach and compromise. Provide feedback to detection engineering team about accuracy and quality of detections Provide proactive and accurate data to all stakeholders for internal communication Support mentoring and technical development of incident response engineers Identify areas of opportunity, and drive improvements to the incident response process and technology directly impacting the team Work with partner teams including: PR, HR, Legal, Compliance, Investigations, Microsoft CDOC, Engineering, EPE. Participate in on-call activities.Basic Qualifications: BA/BS degree in Information Security, CyberSecurity, Computer Science, or other related technical disciplines, or equivalent practical experience 5+ years experience with incident management, cross team coordination, and management update cadences for multi-day incidents. 4+ years of experience with common actor attack vectors and tracing IOC/IOA through SIEMs, EDR, raw logs, and other telemetry. Previous experience with actor tactics, techniques and procedures (TTP), and following lateral movement (i.e. Mitre ATT&CK framework). Previous experience with one or more of these environments: cloud, physical, production, and business environments. Previous experience with understanding the impact chain for security decisions and remediation impact downstreamPreferred Qualifications: Master's degree in Information Security, CyberSecurity, Computer Science, or other related technical disciplines. Incident response experience with investigating ATP TTP. Experience developing scripts and/or automation tools in programming languages such as Java or Python Must be able to perform in a high stress environment.You will Benefit from our Culture:We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levelsEqual Opportunity StatementLinkedIn is committed to diversity in its workforce and is proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is an Affirmative Action and Equal Opportunity Employer as described in our equal opportunity statement here: Please reference and for more information.LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful. If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to: -Documents in alternate formats or read aloud to you -Having interviews in an accessible location-Being accompanied by a service dog-Having a sign language interpreter present for the interview A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response.LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information.Pay Transparency Policy StatementAs a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: Data Privacy Notice for Job CandidatesThis document provides transparency around the way in which LinkedIn handles personal data of employees and job applicants:

Keywords: LinkedIn, Sunnyvale , Staff Information Security Engineer - Incident Response, Engineering , Sunnyvale, California