GXO Logistics - Cumming, GA
posted 3 months ago
Full-time - Mid Level
Remote - Cumming, GA
Transit and Ground Passenger Transportation
About the position
As the Lead Engineer, Information Security (DFIR) at GXO, you will play a crucial role in the Cyber Incident Response Team (CIRT), responsible for analyzing, developing, and testing security methodologies and technologies. Your expertise in incident response, threat analysis, and risk management will be essential in maintaining the security of our operations and ensuring a proactive approach to cybersecurity threats.
Responsibilities
- Serve as part of the CIRT as an Incident Commander, collaborating with team members and stakeholders throughout the incident response lifecycle.
- Investigate network intrusions and cybersecurity incidents to determine the cause and extent of breaches, performing host-based and network-based analysis.
- Formulate and articulate expert opinions based on analysis of incidents.
- Investigate instances of malicious code to determine attack vectors and payloads.
- Gather and utilize threat intelligence to lead hunt missions across the enterprise, working with the Cybersecurity Operations Center (CSOC).
- Develop and produce reports on breaking cyberthreat news and disseminate to relevant teams to maintain situational awareness.
- Analyze threat actor profiles and track threat groups to drive hunting, detection, and prevention efforts.
- Support other DFIR Engineers in triage and response to security alerts and perform root cause analysis.
Requirements
- Bachelor's degree in a Cyber related field or equivalent work or military experience.
- Minimum 5 years of related incident response or cyber threat hunting/intelligence experience.
- Familiarity with intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Experience in understanding and utilizing the incident response lifecycle.
- Advanced incident response skills including host-based forensics, memory forensics, network forensics, packet capture analysis, and malware analysis.
- Knowledge of the corporate cybersecurity threat landscape and tactics of Nation State actors and APTs.
- Demonstrated experience with data analysis, documentation, and reporting.
- Experience working with EDR platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender).
Nice-to-haves
- GCFA, GNFA, GREM, GHTI or other industry-relevant certification(s).
- Familiarity with Cloud structure and security monitoring capabilities for GCP, AWS, Azure, and O365.
- Experience with open source and commercial forensic tools.
- Strong problem-solving, networking, and team-building skills.
- Experience working with SIEM technologies (e.g., Splunk, Chronicle, Sentinel), including log source discovery and custom content creation.
- Ability to work independently and with limited supervision.
- Ability to multitask in a fast-paced, high-pressure environment.
- Experience with performing eDiscovery collections.
Benefits
- Full health insurance (medical, dental, and vision)
- 401(k)
- Life insurance
- Disability insurance
