CSIRT Signals Development and Response Analyst
- Full-time
Company Description
Job Description
The Square Security team works to ensure the security of every transaction from dip to receipt and beyond. We strive to provide a diverse and secure environment that allows Square to build world-class products for both customers and employees. Our ultimate goal is to ensure that every single experience with Square is simple, secure, and safe.
The Computer Security and Incident Response (CSIRT) workflow inside the Detection and Response Engineering Team (DART) contributes to the mission through systems signals and sensor development, precise investigations, and leading security incident responses for Square. We use an attack-driven defensive approach to prioritize our preventive controls, detective controls, and response program based on real-world attacker behaviors. We automate the detection of, and response to, attack techniques; look for threats in the cloud, data center, and corporate network environments; and oversee incident response. Additionally, we provide expertise and partner with our infrastructure security and product teams to create and enforce policies that aim to ensure hardened, easy paths for our developers. This results in an environment where developers and the security team work well together, providing a holistic solution to security while encouraging new ideas and growth.
As a CSIRT Signals Development and Response Analyst:
- Represent the Security team as one of the incident response leads for security incidents at Square
- Lead the effort to expand Square’s cloud-based incident response process and cloud IR tooling capabilities
- Monitor, analyze, and correlate activity, evaluate security incidents, perform research and provide in-depth incident analysis
- Instrument and monitor cloud services, workstations, data centers, and networks to detect malicious behaviors, enabling signal development that identifies suspicious activities
- Improve and automate internal capabilities for identifying, investigating, and responding to security events
- Investigate suspicious activities and leverage tactical and technical capabilities to eradicate threats
- Provide guidance on, and assist teams with, implementing domain-specific best practices for preventive controls
- Manually look for malicious activity and provide a feedback loop to signal development
Qualifications
You have:
- 6+ years of related experience
- Relevant experience as an essential member of a detection and response team
- Security knowledge and experience with signature development and performing Incident Response in AWS and Kubernetes
- Security knowledge of the following platforms: Google Cloud Platform, Linux, macOS, and Windows
- A passion for leading projects and initiatives
- Some scripting experience (e.g. Ruby, Python, shell scripting)
Additional Information
Perks
At Square, we want you to be well and thrive. Our global benefits package includes:
- Healthcare coverage
- Retirement Plans
- Employee Stock Purchase Program
- Wellness perks
- Paid parental leave
- Flexible time off
- Learning and Development resources