Full Job Description
Why will you enjoy this new opportunity?
You will have the opportunity to oversee and continue to build our Threat Hunting Program. Working with a team of Incident Response and Threat Intelligence experts, you will be uniquely positioned to synthesize a culture of Threat Hunting within the organization. You will be able to bring your Threat Hunting expertise and be a key player who will enable us to proactively identify advanced threat actor activity. You get to do all this while enjoying the company of team members who love memes and GIFs. Above all, you get to work in a culture where new ideas and calculated risks are strongly encouraged and appreciated.
As this is a Senior Level position, we are seeking candidates with extensive experience in challenging environments and investigating APTs (Advanced Persistent Threats), ideally leading such incidents at a technical level. You will have extensive experience working in a multinational corporation (or similar environment) in at least 2 of the following focus areas: Incident Response, Digital Forensics, Malware Analysis and/or Threat Hunting.
What is the primary need, technical challenge, and/or problem you will be responsible for?
We need someone who can positively impact our ability to detect advanced threat actors in our environment (both in the corp and in the cloud). Contributing to our existing strategy to counter such threats, while effectively executing it, is the core responsibility of this role. Hands-on knowledge of responding to advanced persistent threats (APTs) in previous roles, and the ability to deeply understand and emulate the TTPs with the aim of preventing and/or detecting such activity, will be critical to success in this role.
Success in the Role: What are the performance goals over the first 6-12 months you will work toward completing?
Continuously assess and report the current state of logging in the organization, with a preliminary report on gaps and opportunities due within the first 100 days of you joining the organization
Working with members of SIRT (Security Intelligence and Response Team) to successfully establish a regular cadence of Threat Hunting sessions and be the SME to address any escalations from the Hunt
Ensure that findings from hunts are duly brought to attention and conveyed to the concerned teams, who can help close any identified logging and monitoring gaps
Gain a clear understanding of all VMware cloud services and deliver a report on the current state of security, with recommendations to improve it
What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?
You would be conducting proactive Threat Hunts, based on curated Threat Intelligence
You would be assessing our current logging posture to identify logging gaps that need to be fixed, to aid Threat Hunting
You would play a key role in enhancing our Threat Monitoring and Detection capabilities
As an SME, you would actively assist in remediating any high-priority Security Incidents
You will develop and execute adversary simulation/purple team exercises
You shall assist in evaluating security solutions as well as play a pivotal role in developing novel security solutions
Required Skills and Experience
Extensive experience in Incident Response/Threat Hunting using both End Point logs and Network logs
Experience Investigating Advanced Threats in Complex environments
Experience in Incident Response across various Cloud Platforms (AWS, Azure, GCP etc.)
Ability to use any log ingestion platform to run Security Analytics and identify attack patterns
Ability to map threat actor activities to the MITRE ATT&CK Matrix
Strong understanding of the Threat Intelligence Lifecycle
Ability to build working relationships with critical stakeholders
Ability to constructively challenge the status quo while adhering to corporate ethics and leadership principles
Ability to execute with passion. Lead and follow with Integrity, in a collaborative manner
Certifications like GCIH, GCFA, GCFE, GREM, GPEN, GMON, GWAPT, GNFA, GCTI, GDAT, OSCP etc.
Strong understanding of Cloud Infrastructure and Architecture
What is the leadership like for this role? What is the structure and culture of the team like?
The Hiring Manager for this role is Karthik Yetukuri, Manager, Security Intelligence and Response Team (SIRT). He has experience working in the trenches defending organizations, in diverse Technical and Leadership roles. He has been with VMware for about 3 years now.
Karthik believes that leadership is not defined by title and encourages his team members to be leaders and live the values they all bring to the team. Karthik looks for people who can think creatively to solve problems and do so while being collaborative and courteous.
The Team consists of DFIR Specialists, Threat Intel Analysts and a Data Analytics Expert, spread around the globe. The teams work regular work hours with on-call rotation during the weekends (once every 8 weeks).
What are the benefits and perks of working at VMware?
You and your loved ones will be supported with a competitive and comprehensive benefits package. Below are some highlights, or you can view the complete benefits package by visiting www.benefits.vmware.com.
Employee Stock Purchase Plan
Medical Coverage, Retirement, and Parental Leave Plans for All Family Types
Generous Time Off Programs
40 hours of paid time to volunteer in your community
Rethink's Neurodiversity program to support parents raising children with learning or behavior challenges, or developmental disabilities
Financial contributions to your ongoing development (conference participation, trainings, course work, etc.)
Healthy and locally inspired snacks in all our on-site pantries
This job requisition is not eligible for employment-based immigration sponsorship by VMware.
Category: Engineering and Technology
Subcategory: Information Security
Experience: Business Leadership
Full Time/ Part Time: Full Time
Posted Date: 2020-05-14
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.