Principal Cybersecurity Engineer
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a Great Place to Work by Great Place to Work® US for the past several years. We were also selected as one of the 100 Best Places to Work in IT on IDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduates, as well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
The Principal Cybersecurity Engineer is a role within the Liberty Mutual Cyber Security Operations Center (CSOC) responsible for identifying anomalous activity and conducting investigations which may result in a declared security incident. The role includes mentoring junior CSOC engineers through incident response consultation or through incident escalation. This is a critical front-line cyber security role responsible for protecting Liberty Mutual's assets, networks, and systems from cyber threats.
Responsibilities
- Perform incident handling tasks based on daily process and/or procedure.
- Coordinate global response team efforts during investigations to identify, contain, and remediate security incidents.
- Identify potential security control gaps in an enterprise environment and provide solutions to reduce the likelihood and impact of compromise. Review threat intelligence to ensure the enterprise is prepared to defend against current attacks.
- Complete forensic analysis of computers and other devices in scope of an investigation for evidence or artifacts related to incidents.
- Conduct analysis of the enterprise network to discover indicators of a network breach or system compromise.
- Investigate alerts generated by network security controls to prevent data loss and maintain the integrity of corporate information.
- Conduct threat hunting and identify gaps in alerting coverage.
- Participate in Red Team/Blue Team exercises.
- Participate in financial sector and information security communities to share and consume intelligence and further enhance discovery capabilities.
- Analyze files and binaries for indicators of malicious capability and report on findings, which can be used for retrospective or future detection.
- Train associate analysts on the processes of advanced information security investigation and procedures.
- Develop applications or scripting for forensic and incident response analysis.
- Maintain a deep understanding of key business initiatives and identify improvements that address highly complex functional and technical gaps within a single business process.
- Provide consultation on highly complex technology to address security gaps in a way that enables business processes.
- Lead projects.
- Participate in the 24x7 on-call rotation (required).
Preparation, Training, and Experience
- College-level degree in Computer Science, Computer Engineering, Information Security, or another related discipline
- Active Cybersecurity certifications such as GCIH, GSEC, GREM, GCFA, GCFE (GCIH desirable)
- 8 years of recent experience working as an information security professional
- Previous experience working in a Cyber Security Operations Center is desirable
- Must have excellent troubleshooting and problem-solving skills
- Knowledge of frameworks, standards, and best practices such as NIST, PCI DSS, CIS Critical Security Controls (CIS CSCs), COBIT, MITRE ATT&CK, the Cyber Kill Chain, etc.
- Demonstrated experience working independently as a digital forensics and incident response (DFIR) practitioner
- Demonstrated understanding of general IT, security fundamentals, network systems, firewalls, IDS/IPS systems, secure email flow, endpoint security and network security concepts, Windows and Linux systems administration, malware analysis, cyber threat hunting, cyber threat intelligence, offensive tactics, techniques, and procedures (TTPs), and cloud security fundamentals.
- Demonstrated experience with application security.
- Experience using a Security Information and Event Management (SIEM) platform and case management tooling.
- Experience building playbooks, scripts, and automation in support of security operations is desirable.
- Excellent oral and written communication skills.
Desirable certifications:
- Microsoft Windows Operating System/Server certifications
- CompTIA Linux+
- CompTIA Network+
- Security certifications:
  - SANS GIAC GSEC, GREM, GCIH
  - Cisco CCNA Cyber Ops
  - CompTIA CySA+
  - EC-Council CEH
  - ISC2 CISSP or SSCP
- Cloud certifications:
  - Microsoft Azure / AWS Security / ISC2 CCSP / CSA CCSK