Staff Information Security Engineer
The Qualtrics XM Platform™ is a system of action that helps businesses to attract customers who stay longer and buy more, to engage and empower employees to do the best work of their lives, to develop breakthrough products people love, and to build a brand people can’t imagine living without.
Joining Qualtrics means becoming part of a team bold enough to chase breakthrough experiences - like building a technology that will be a force for good. A team committed to diversity, equity, and inclusion because of a conviction that every voice holds value, with a vision for representation that matches the world around us and inclusion that far exceeds it. You could belong to a team whose values center on transparency, being all in, having customer obsession, acting as one team, and operating with scrappiness. All so you can do the best work of your career.
We believe every interaction is an opportunity. Are we yours?
The Challenge
Qualtrics is growing exponentially, both in terms of customers and new services, which inevitably results in an ever-expanding threat landscape. We must continuously evaluate how we secure our data and identify potential threats - both current and futures ones. We are looking for an experienced security engineer capable of driving strategy around threat hunting and intelligence collection to provide the company with a decision advantage, to lead execution of a program to enhance our proactive detection and response capabilities and to support other InfoSec organizations in Cybersecurity Risk Management and Threat Modelling and in-depth Incident Response support in complex cases up to and including forensics analysis and reverse engineering or malware.
Expectations for Success
- Minimum of a BS degree, preferably in IT Engineering, Computer Science, or any other IT-related field of study or equivalent relevant experience
- 8+ years of experience in the Information Security field.
- 5+ years of prior SOC and/or Incident Response, Threat Hunting, Cyber Threat Intelligence experience.
- Ability to lead an Incident Response Team and respond to emergency calls during non-business hours, as needed.
- Experience with incident response forensic and malware analysis.
- Possess the ability to react quickly, decisively, and deliberately.
- Excellent verbal and written communication skills.
- Proactive, self-managed, and able to interface well with interdisciplinary teams across the organization, including executive leadership.
- Experience performing analysis utilizing SIEM, SOAR, EDR, IPS, Firewalls and HIDS/HIPS technologies.
- Experience in analyzing large datasets.
- Experience with cloud computing and AWS services.
- In-depth knowledge on the cyber threat landscape, including threat actors, advanced cybercrime, attack types, tactics, techniques and procedures
- Experience in the preparation and production of written intelligence products.
- Strong experience and understanding of intelligence processes: analytical methods, the intelligence cycle, intelligence collection.
- Strong understanding of networking and associated protocols.
- Experience with MITRE ATT&CK, Cyber Kill Chain, NIST/SANS Incident Response Plan, Diamond Model.
- Experience in Threat Hunting with tools such as VirusTotal Intelligence, Certificate Transparency logs, Shodan, Censys etc.
- Experience in using commercial and open source tools to research external threat actors and threat actor groups.
- Knowledge of STIX/TAXII, SIGMA, DISA STIGs.
- Experience with multiple operating systems with a System Administrator level skill set on Windows, MacOS and Linux.
- Basic development skills including scripting (e.g. Python, shell scripting).
- GIAC (GCFA, GCTI, GREM), CISSP, OSCP or other security certification are strongly preferred, but not required
A Day in the Life
- Suport SOC/IR team during high and critical incidents
- Provide leadership, mentoring, and training to SOC/IR/TH team personnel and to other Qualtrics stakeholders and the Qualtrics Information Security Team.
- Provide training and coaching for junior SOC/IR Engineers.
- Perform network and endpoint forensics to establish attack scope and root cause analysis.
- Perform malware analysis.
- Ensure communication and escalation of security activities to leadership.
- Perform additional analysis of escalations from SOC engineers and conducts incident review.
- Develop and improve attack remediation strategies, incident handling processes, standard operating procedures, playbooks, and automations.
- Identify and develop new technical intelligence sourcing, collection, and enrichment capabilities.
- Conduct proactive research to identify and analyze new and emerging cyber threats, including malicious infrastructure, tooling, and techniques.
- Produce detailed technical analysis on cyber threats,
- Identify alerting gaps and develops strategies to increase threat detection coverage.
- Identify process gaps across company and propose process improvements
- Support FedRamp, ISO27001, SOC, HITRUST, and other audit activities for security operations and incident response.
What differentiates us from other companies:
- Work life integration is deeply important to us - we have frequent office events, team outings, and happy hours
- We take pride in our offices design aiming at cultivating creativity from our rooftop views to an open and collaborative work space
- On top of the standard benefits package (medical, dental, vision, life insurance, etc) we provide snacks, drinks, and free lunches in our office