|Preferred GIAC Certifications||GCIH|
Workday is looking for an experienced security professional to join the Cyber Security Incident Response Team. This is an opportunity to contribute to a highly visible security operations function that is the first line of defense for Workday. This is a technical role with the understanding that you are already conversant in incident handling, security automation, system security, network security, and incident response.
We are looking for a problem solver with a taste for complex challenges who can devise practical, innovative and effective solutions using the most appropriate languages, tools and hardware. You will assist in the effort of finding known and unknown threats and understanding new adversary TTPs (Tactics, Techniques and Procedures).
Your training and development budget will include at least one major off-site training course annually (SANS etc), at least one major security conference (Blackhat, Defcon, RSA etc) as well as local conferences and events.
You'll be encouraged to keep your skills up to date with other events such as internal red/blue team events, hackathons, membership of various groups and societies. You'll be provided a budget to grow a reference library for yourself and your team, and a lab to run proof of concept projects in.
What you'll do
You will engage in the architecture of new tooling and industrialization of CSIRT activities.
Improve threat detection using network or system capabilities.
Drive security monitoring efforts.
Perform gap analyses to identify where extra tooling and automation can extend the coverage of the SOC monitoring.
Build automation solutions around open-source and proprietary tools.
Evaluate new tools and techniques to create innovative and practical security solutions.
Help drive team development by mentoring new and existing staff.
Skills and Experience
7+ years of experience in a similar technical security role.
BS Degree in Computer Science (or equivalent).
Mature approach to supporting a 24/7 SOC in a follow-the-sun model.
Experience with cloud security concepts, solutions, and automation.
IDS/IPS/HIDS systems, DLP systems, firewalls, SIEM systems, and vulnerability scanning tools.
Demonstrated knowledge of Information Security attack methods and techniques.
Python, Ruby and other scripting languages is essential, as is a strong understanding of Linux/OSX and Windows.
Deep understanding of network and application security threats, attack techniques, and mitigation options and network related protocols (e.g. TCP/IP, IPSEC, routing protocols, etc.)
Solid knowledge of securing all major operating systems.
Relevant Security, Systems, and Networking certifications a plus.