Intuit

Security Engineer 2

Intuit, Charlotte, North Carolina, United States, 28245

Overview

We are looking for a Security Engineer to join our Security Event Analysis Team (SEAT) within the Security Incident Response Team (SIRT) to help detect, analyze, and respond to security incidents. The ideal candidate understands the Dynamic Approach to Incident Response framework, the incident management process, the cyber kill chain, attacker methodologies, and the MITRE ATT&CK/D3FEND frameworks. You should be able to respond quickly to incidents, restore services, and collect and analyze forensic artifacts to identify root causes. In this role, you will collaborate with engineers to enhance incident response capabilities, implement security solutions, and provide guidance and training to other teams.

What you'll bring

• A Bachelor's degree or higher in Technology, Computer Science, Cybersecurity, or a related field is preferred.
• Possession of industry-recognized professional-level certifications such as AWS Security Specialty, CompTIA Security+, CompTIA CySA+, Cisco CCNA, or GIAC certification is advantageous.
• 1-3 years of experience in a dedicated Information Technology role.
• 1-3 years of experience in a security analyst or similar role.
• 1-3 years of experience using scripting languages such as Bash, PowerShell, and Python.
• Experience performing analysis and detection engineering using Endpoint Detection and Response or Cloud Security Posture Management tools such as Splunk, CrowdStrike Falcon, SentinelOne, and Wiz.
• Proven experience using and defending public cloud services such as AWS, Azure, and GCP (IAM, CI/CD Pipelines, Network Security, DLP).
• Deep understanding of Security Information and Event Management (SIEM) solutions such as Splunk, CrowdStrike Next-Gen SIEM, and Microsoft Defender.
• Well-rounded knowledge of digital forensics technologies and methodologies, as well as expertise in the Security Incident Response Lifecycle according to frameworks like NIST or SANS.
• Comprehensive understanding of computer security fundamentals, including Operating System hardening, basic network protocols, and general knowledge of frameworks such as OWASP, MITRE ATT&CK, NIST, and CIS.
• Strong analytical and problem-solving abilities, with a focus on identifying root causes and assessing risk exposure for a large corporation.
• Exceptional communication skills, both verbal and written, capable of explaining technical details to non-technical audiences and fostering strong stakeholder relationships.
• Self-motivated with the ability to work autonomously, managing tasks effectively and seeking assistance when necessary.
• Proficient in working under pressure in a dynamic environment, prioritizing tasks to meet tight deadlines while maintaining procedural discipline.
• Adaptable and proactive attitude, willing to take on various responsibilities and eager to continuously learn and upgrade skills.
• Proficient understanding of Large Language Models, General Artificial Intelligence tools and their application in enhancing security operations, threat detection, and incident response.

How you will lead

• Respond to escalated security events or investigations; coordinate communications across involved teams and execute the Incident Response Plan as appropriate.
• Provide on-call support for critical incidents; deliver timely status updates and incident reports to stakeholders.
• Perform host/network/cloud forensics (disk, memory, logs) and analysis; establish scope, impact, timelines, IOCs, root cause while preserving evidence, and communicate findings throughout the incident(s).
• Analyze SIEM, EDR, and platform logs; correlate signals to validate and triage threats.
• Partner with Detection Engineering to create/tune detections and automate response actions from incident lessons learned.
• Collaborate with Compliance, Legal, and Risk teams to integrate incident response workflows with business and regulatory needs.
• Assess vulnerabilities, propose remediation strategies, and keep up-to-date on current and emerging security trends, threats, and countermeasures.
• Develop, maintain, and continuously improve incident response runbooks and playbooks to drive prompt, compliant actions.
• Present guidance and training on security best practices and incident response to organizational partners, while ensuring alignment with business objectives and compliance requirements.
• Contribute to post-incident reviews and metrics to drive program improvements.

EOE AA M/F/Vet/Disability. Intuit will consider for employment qualified applicants with criminal histories in a manner consistent with requirements of local law.