Cyber Security Engineer 2 (CSIRT)

Garmin

United States · Olathe, KS, USA
Posted on Feb 4, 2026

Overview



We are seeking a full-time Cyber Security Engineer 2 in our Olathe, KS location. In this role, you will be responsible for conducting sensitive, complex investigations of cyber incidents including systems compromise, data loss and insider threats. This individual will provide recommendations on security posture and architecture of systems or networks and ensure adherence to Garmin's information security strategy, programs, and best practices. This member of the Cyber Security Incident Response Team (CSIRT) may lead the collection, processing, preservation, analysis and presentation of evidence in support of a wide array of investigations.

Essential Functions

  • Serve as a trusted advisor to other cybersecurity teams and to Garmin business segments on multiple domains in cybersecurity
  • Collaborate across a team of highly skilled security professionals, promoting knowledge transfer, skill development, and a culture of continuous learning and improvement
  • Identify opportunities to enhance tool integrations and workflows through automation and scripting, leveraging APIs provided by security tools
  • Contribute to project and program planning by estimating and coordinating assigned work, and maintaining accurate, timely status updates on overall progress
  • Design and develop complex, integrated solutions to meet business requirements and enhance the performance of Garmin’s security systems
  • Contribute to the team roadmap and priorities
  • Participate in the evaluation and adoption of emerging security technologies to improve threat detection, prevention, and response
  • Investigate, analyze, and respond to cyber incidents within the global enterprise network and endpoints
  • Apply investigative techniques for responding to host- and network-based anomalies
  • Coordinate incident response functions and provide expert technical support to enterprise-wide security operations center cyber defense analysts
  • Conduct analysis of log files, evidence, and other information to determine best methods for identifying the source of the incident or possible threats to security
  • Conduct detailed investigations establishing documentary or physical evidence to include digital media and logs associated with cyber intrusion incidents
  • Team with security operations center to determine scope, urgency, and potential impact, identifying specific vulnerabilities and making recommendations to expedite remediation
  • Perform forensically sound collection of system memory, triage information, and storage media images for use in data recovery and analysis, ensuring the original evidence is not unintentionally modified
  • Analyze volatile data from information systems memory using tools such as Volatility
  • Conduct host and network forensic analyses in and for both Windows and Linux environments and examine the recovered data for information of relevance to the investigation at hand
  • Maintain a deployable cyber defense toolkit, forensics workstation, virtual environments, and repeatable procedures to support the incident response mission
  • Collect and analyze intrusion artifacts such as source code, malware, and system configuration and use the discovered data to enable mitigation of potential cyber defense incidents within the enterprise
  • Coordinate with cyber threat intelligence experts to correlate threat assessment data
  • Monitor external data sources to maintain currency of cyber threat conditions and determine which security issues may have an impact on the enterprise

Basic Qualifications

  • Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Business or another relevant field AND a minimum of 2 years of relevant experience OR an equivalent combination of education and relevant experience
  • Communicate effectively with team members and stakeholders through strong verbal, written, and interpersonal skills
  • Contribute positively to a collaborative, team-focused environment
  • Proactively solve moderately complex problems with a strong, solutions-oriented mindset and a track record of delivering effective resolutions
  • Manage time, priorities, and follow-up tasks independently
  • Consistently deliver well-organized, high-quality documentation aligned with team expectations
  • Understand core information technology services such as networking, storage, databases, and web-based services
  • Familiarity with forensics tools such as EnCase, FTK, Sleuth Kit/Autopsy, and Volatility
  • Experience in network, host and memory forensics (including live response) for Windows, Mac, and Linux
  • Hands-on understanding of application architectures and technology across all domains (including web applications, mobile technology, identity, and access management)
  • Proficiency with various methods of vulnerability assessment including vulnerability scanners, password crackers, and network protocol attacks
  • Basic familiarity with Bash, Python, PowerShell, or Ruby programming environments
  • Can draw connections among knowledge and skills as they relate to cyber defenses, and organize and explore relationships among facts within a set of information

Desired Qualifications

  • Experience with Azure or AWS public cloud services

Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability.

This position is eligible for Garmin's benefit program. Details can be found here: Garmin Employment Benefits