Security Threat Intelligence Center- Incident Response- Senior Systems Engineer

POSITION PURPOSE
The Security Threat Intelligence Center (STIC)- Senior Systems Engineer is responsible for handing incident escalation and performing the first phase of incident response. The Senior Engineer is also responsible for leading containment efforts during incident remediation. Other duties include attacker hunting, rule creation and modification, coverage calibration and data quality testing. Responsible for supporting the Event Center’s mission of keeping The Home Depot as safe as possible through fast and effective incident response.

The Sr. Systems Engineer develops, maintains, and supports The Home Depot's technical infrastructure that includes network, hardware, database, and system software components. The Sr. Systems Engineer is responsible for collaborating with and enabling product teams with infrastructure. Sr. Systems Engineers are expected to leverage tooling and custom applications to monitor and optimize performance. In addition, Sr. Systems Engineers may be involved in routine upgrades and application support as well as root cause and post-mortem analyses around security incidents and service interruptions. As a Sr. Systems Engineer, you will be able to operate independently, though typically working as part of a team with varying skillsets.

MAJOR TASKS, RESPONSIBILITES AND KEY ACCOUNTABILITIES
10% - Planning & Analysis:
Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives
Drives the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements
Researches and designs best fit infrastructure, network, database, and security architectures for products
Proactively creates and maintains tools for monitoring and support
Participates in project planning and reporting across multiple efforts
30% - Delivery & Execution:
Drives configuration, debugging, and support for infrastructure
Drives field and corporate roll-outs of technology
Drives the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure needs
50% - Support & Enablement:
Collaborates with product and project teams to understand needs and enable them with infrastructure
Supports technology architecture design review efforts for project and product teams
Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
Opens and manages vendor problem tickets to resolution
Drives the production of in-house documentation around solutions
Monitors tools and proactively helps teams struggling with systems issues
Provides application support for software running in production
Creates scripts and tools that drive automation and enable product teams and end users to move towards self service
10% - Learning:
Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations

NATURE AND SCOPE
Typically reports to the Systems Engineer Manager or Sr. Manager.

ENVIRONMENTAL JOB REQUIREMENTS
Environment:
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Travel:
Typically requires overnight travel less than 10% of the time.
Additional Environmental Job Requirements: MINIMUM QUALIFICATIONS
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.

Additional Minimum Qualifications:
Must be legally permitted to work in the United States

Education Required:
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Years of Relevant Work Experience: 1 years

Physical Requirements:
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Additional Qualifications:
Preferred Qualifications:

• Advanced knowledge of entire TCP/IP or OSI network protocol stack, including major protocols such as IP, Internet Control Message Protocol (ICMP), TCP, User Datagram Protocol (UDP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and SSH 
• Advanced understanding of routing and firewalling
• Advanced knowledge of the Windows Active Directory domain environment
• Understanding of current, popular attack vectors including phishing, drive-by downloads, exploit kits, and server exploitation
• Advanced knowledge of Incident response and the IR process
• Advanced understanding of the chain of custody process and properly securing STIC data
• Understanding of information security best practices in a professional environment
• Knowledge of Linux systems and the Linux command line
• Ability to succeed and interact in a professional environment
• Written and oral communication skills
• Ability to thrive on high ops tempo, high-stress environments
• Ability to manage multiple projects and successful time management
• Strong team player
• Solid sense of integrity and identification with the organizational mission
• Ability to train junior analysts or any other outside analysts sitting on the STIC
• The ability and willingness to pursue outside education related to security including certifications and other training opportunities

Certifications:

1. Splunk Power User
2. GCIH
3. GCIA
4. GCED
5. CEH
6. CISSP

Knowledge, Skills, Abilities and Competencies:
Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm
Collaborates: Building partnerships and working collaboratively with others to meet shared objectives
Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
Cultivates Innovation: Creating new and better ways for the organization to be successful
Drives Results: Consistently achieving results, even under tough circumstances
Global Perspective: Taking a broad view when approaching issues; using a global lens
Interpersonal Savvy: Relating openly and comfortably with diverse groups of people
Manages Ambiguity: Operating effectively, even when things are not certain or the way forward is not clear
Nimble Learning: Actively learning through experimentation when tackling new problems, using both successes and failures as learning fodder
Self-Development: Actively seeing new ways to grow and be challenged using both formal and informal development channels
Situational Adaptability: Adapting approach and demeanor in real time to match the shifting demands of different situations