Vacancy expired!
Woven Planet is building the safest mobility in the world. A subsidiary of Toyota, Woven Planet innovates and invests in new technologies, software, and business models that transform how we live, work and move. With a focus on automated driving, smart cities, robotics and more, we build on Toyota's legacy of trust and safety to deliver mobility solutions for all.
For nearly a century, Toyota has been delivering products and services that improve lives. Automation that originated to increase the efficiency of daily activities has evolved into the safe, reliable, connected automobiles we enjoy and depend on today. Now, we are looking to the next 100 years and to extending that dream for a better life for all people. At Woven Planet we strive to build a safer, happier, more sustainable world.Our unique global culture weaves modern Silicon Valley innovation and time-tested Japanese quality craftsmanship. The complementary strengths enable us to optimize safety, advance clean energy, elevate well-being, and improve how people live, work, and play. We envision a human-centered future where world-class technology solutions expand global access to mobility, amplify the capabilities of drivers, and empower humanity to thrive.TEAMThe security team at TRI-AD is on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.WHO ARE WE LOOKING FOR?We are seeking an experienced Incident Response engineer to support our Security Incident Response Team. The right candidate will have an in-depth understanding of the overall security landscape, be experienced in tuning detection systems to spot attacker Tactics, Techniques, and Procedures (TTPs), and have a proven background in designing and deploying Security Information Event Management (SIEM) systems.They will work with the analysis team to continuously improve our detection systems' visibility by integrating new log sources, building out new use cases based on intel generated by our intelligence team, analysis of recovered malware samples, and following common frameworks like MITRE ATT&CK. They will lead responses to active incidents, collaborating with IT, security, and business stakeholders to kick attackers out of our systems as quickly as possible. They will provide technical mentorship to junior members of the team, and act as an escalation tier for complex analysis.We are looking for an individual who can balance technical risks against business risks and consistently drive for the right results. They must have the passion for engineering solutions to complex security challenges, and recognize and fill gaps in capabilities. The ability to quickly design and build internal-facing tools that enable scaled programmatic automation is core to our organization.The successful candidate will have a good mix of deep technical knowledge, a demonstrated background in information security, and an analytical mindset that is driven by curiosity. We value broad and deep technical knowledge, specifically in the fields of operating system security, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence.RESPONSIBILITIES:- Respond to alerts and handle digital forensics
- Continuously improve our monitoring systems' detection and response capabilities as well as processes, procedures, and playbooks
- Plan and execute monitoring system architectural changes
- Lead Incident Response efforts when dealing with confirmed security incidents
- Automate analysis and response steps to reduce manual toil
- Help prioritize the creation of new SOC use cases to ensure optimum ROI for engineering effort
- Communicate effectively at multiple levels of sensitivity, and multiple audiences
- Recognize, adopt and instill the best practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, incident response, security intelligence.
- 5+ years or more of demonstrated experience in security operations and incident response
- Practical experience in network- and host-based digital forensics across multiple operating systems
- In-depth experience working with a variety of monitoring tools, including SIEM, endpoint security, intrusion detection/prevention, packet analysis, CASB, and SOAR
- Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix
- Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts in English.
- Experience leading the deployment of a major SIEM platform (Splunk, QRadar, Sentinel, ArcSight, etc) and/or EDR platform (Crowdstrike, Defender for Endpoint, Cylance, etc)
- Experience with malware analysis and reverse engineering
- 7+ years of experience in cyber security and adjacent fields such as systems engineering, network management, cloud security, and/or application security
- 2+ years in a security engineering leadership position
- 2+ years of scripting/coding experience with one or more languages
- Relevant industry certifications, a degree in cyber security or adjacent fields, or cyber security boot camps
- ID: #40334154
- State: California Paloalto 94301 Paloalto USA
- City: Paloalto
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2022-05-06
- Deadline: 2022-07-04
- Category: Security