Are you looking to take your career from good to great? As an employee of PenFed, every day is an opportunity to thrive, and be part of a team working to ensure our organization is providing world class service to our members, employees, and our communities. We exist to help our members realize their full potential, educate and encourage their dreams, and make every effort to follow our mission and help our members “do better.” Joining PenFed is more than being an employee; it’s about being a part of the PenFed family.
PenFed is hiring an Engineer II, Digital Forensics and Incident Response (DFIR) at the following locations: Chantilly, Virginia, San Antonio, Texas, Dallas, Texas, and Omaha Nebraska. The primary purpose of the DFIR Engineer II position is to perform complex incident response processes, and improve security capabilities for the PenFed ASIC. This position will provide support in configuration and mangement of security monitoring devices on the network. This position will conduct appropriate investigative actions during the course of incident investigations and response processes. This position will also be the point of contact for the ASIC with regards to increasingly complex issues related to the cyber incident response process and security monitoring architecture. Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.
- Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
- Act as point of escalation from DFIR Engineer I to investigate, coordinate, bring to resolution, and report on security incidents as they are escalated or identified
- Provide experienced incident response for the team to operate with little to no oversight
- Forensically analyze end user systems and servers found to have possible indicators of compromise
- Complete analysis of artifacts collected during a security incident/forensic analysis
- Identify security incidents through ‘Hunting’ operations within a SIEM and other relevant tools and partner organziations/technologies
- Interface and communicate with server owners, system custodians, and IT contacts to pursue security incident response activities, including: obtaining access to systems, digital artifact collection, and containment and/or remediation actions
- Provide engineering and administrative functions for all tools in support of the CTI mission
- Troubleshoot security devices and work with vendor if necessary to identify issues with devices that support the SOC’s mission.
- Interact with other Security and Network teams to implement a cyber-ecosystem.
Equivalent combination of education and experience is considered.
- Bachelor’s Degree in information security / technology or related field, or equivalent combination of education & experience in information security in a large, highly-regulated enterprise.
- Minimum of six (6) years of work experience the Cyber Security field.
- Minimum of three (2) years prior Incident Response/ Security Operations Center experience.
- Knowledge of security response operations, threat identification and forensic analysis software, equipment, and processes required.
- Experience configuring and managing security systems.
- Experience configuring and managing UTM devices.
- Experience using Threat Intelligence Platforms for continuous monitoring.
- Experience using vulnerability management/scanning tools and obtaining valueable output for senior management.
- Strong Host based security experience. Ability to leverage Host based security systems to perform proper incident investigations and resolution.
- Strong filesystem and malware behavioral knowledge. Experience using network and host forensics tools for incident response.
- Knowledge of the Cyber threat landscape and APT groups.
- Knowledge of the Cyber Kill Chain and ability to identify incident types and attack lifecycle
- Knowledge of change management process and experience proposing and presenting changes to the enterprise infrastructure.
Licenses and Certifications
- Must have at least two (2) certifications in the field of information security from a respectable security organization. Desirable certifications include, but not limited to:
- GSEC, GCIH, GCIA, GCFE, GREM, GCFA, CEH, CISSP, CASP or equivalent Certifications
While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.
*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*
Ability to travel to various worksites and be on-call is required.
Special Message Regarding COVID 19
PenFed is continuing to hire and train exceptional individuals to help us serve our 2 million members both here and around the world. In light of the current situation with novel coronavirus (COVID-19), we have modified our hiring, onboarding, training, and deployment protocols in order to comply with current local and state guidance around social distancing. About Us
Established in 1935, PenFed today is one of the country’s strongest and most stable financial institutions with over 2 million members and over $26 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico and Okinawa. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.
We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.
Equal Employment Opportunity
PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.
PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at
Giac Certified Intrusion Analyst
Certified Information Systems Security Professional
Giac Certified Forensics Analyst
Forensic Examiner Certification
Certified Ethical Hacker
Giac Certified Incident Handler