Engineer II - Information Security (Detection and Response)

Washington, DC
Aug 29, 2020
Sep 26, 2020
Engineering, Security
Full Time
Business Unit Description

AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name. As a trusted source for news and information, AARP produces the world's largest circulation magazine, AARP The Magazine and AARP Bulletin.

Information Technology Solutions (ITS) is AARP's technology leader in positive social change and member value, enabling a more effective workforce and globally connecting employees, members, volunteers, partners and advocates to maximize engagement.

The Engineer - Information Security Detection & Response, Sr is a core technical resource on an information security team responsible for the architecture design, development, maintenance, administration, and continuous improvement of solutions and practices in security incident management, including the identification, containment, mitigation, and collection of evidence for all known and suspected reports of intrusion. This position is accountable for the technical components of the strategy and lifecycle for incident management and will be expected to deliver incremental business value in an agile environment. The Engineer - Information Security Detection & Response, Sr must be a multi-faceted technologist able to build business-value based objectives and perform "hands on" development and configuration within the information security systems.

Other core roles on the team will include the Platform Manager and Delivery Lead.

Technical Responsibilities

Design and architecture
  • Ensure sound integration, data, security, and business architecture design throughout all stages within the incident response lifecycle.
  • Lead the implementation of information security requirements in order to meet users' defined outcomes within one or more customer/employee journeys.
  • Lead design and development of proof-of-concepts or minimum viable products as well as architecture design and technology evaluation artifacts.
  • Drive reuse of common services defined by AARP's enterprise architecture standards.
  • Provide oversight and governance of AARP technology standards and frameworks for assigned systems and platforms.
  • Participate in development of Enterprise Engineering and Architecture Standards and Practices as required.

Product Roadmap
  • Establish the technical framework for the incident response strategy and lifecycle.
  • Work with the platform manager to define business-value based objectives and user stories for upcoming sprints.
  • Develop innovative solutions, taking into consideration performance, scalability, and availability with realistic implementation schedules.
  • Guide business and/or capability (platform) managers with investment and budget decisions based on the portfolio of tools needed to accomplish a desired outcome.
  • Investigate new technologies and make recommendations to capability and platform managers regarding potential usage.
  • Collaborate with the platform manager during complex discussions with business stakeholders, vendors, or technology, particularly when determining the technical requirements/capabilities needed to meet business goals.

Continuous Improvement/Operations
  • Provide critical input to other capability and platform teams as needed to ensure alignment with broader ITS strategic objectives.
  • Drive the continuous improvements of implementation methodology and service offerings based on customer/employee experiences.
  • Work to streamline processes, with the goal of speeding delivery to the customer, while balancing risk management objectives.
  • Work with developers, administrators and support staff to analyze incident trends & underlying system problems to identify incremental improvement opportunities that support/drive key business value drivers.
  • Follow ITS Disaster Recovery (DR) policy and standards.

Technical Leadership / Active Practitioner
  • Participate in a Community of Interest for engineers across all teams to share information and strengthen understanding of business needs and technology-based business solutions.
  • Serve as the technical liaison and subject matter expert in business interactions.
  • Provide 'level 2 or 3' support and problem management guidance for the Information Technology Services teams.

Domain Responsibilities
  • Extensive security experience to detect, assess, investigate, remediate and recover from security issues.
  • Extensive experience with designing, implementing, and optimizing a Security Incident Response process.
  • Monitor security events to detect threats.
  • On-call availability outside business hours.
  • Ability to interpret, understand, and communicate real business risks in relation to technology risks.
  • Understanding of common security threats, attack vectors, vulnerabilities and exploits.
  • Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
  • Profile and track APT actors that pose a threat in coordination with threat intelligence support teams.
  • Determine scope of intrusion identifying the initial point of access or source.
  • Recommend remediation activities to secure the source or initial point of access of intrusion.
  • Perform forensic analysis of digital information; gather and handle evidence; identify network and computer intrusion evidence and perpetrators.
  • Assist in the development of Standard Operational Procedures that reflect all aspects of day-to-day operations of incident response.
  • Maintain situational awareness and keep current with cyber security news and threat actor Tactics, Techniques, and Procedures.
  • Design, build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
  • Develop new and novel defense techniques to identify and stop advanced adversary tactics and techniques.
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly.

Desired Education and Certifications
  • Bachelor's degree or equivalent in Information Security, Information Technology, Computer Science, Engineering or related field
  • Certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, CCSP)

Work Experience
  • 5+ years of Information Security or Incident Response related experience
  • 2+ years of hands-on experience in security operations and incident response
  • Experience analyzing system and application logs to investigate security issues and/or complex operational issues
  • An understanding of threat and incident management in triage, containment, escalation and mitigation
  • Solid understanding and experience using event escalation and reporting procedures
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
  • Demonstrated experience in handling security events in mission critical environments; hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests
  • Advanced knowledge of TCP/IP networking and network services, such as DNS, SMTP, DHCP, etc.
  • In-depth understanding of authentication protocols, applied cryptography, key management, PKI and SSL/TLS
  • Experience in enterprise architecture practices, frameworks and methodologies
  • A demonstrated ability to work within a team and build consensus towards a technical direction
  • Strong technical expertise in executing proofs of concept and experimentation with development teams
  • Technology delivery experience through concept, development, validation, deployment, and support
  • Product evaluation through RFI/RFP including working with vendors and internal stakeholder groups
  • An understanding of external cloud hosting providers including Amazon Web Services, Microsoft Azure
  • Solution Architecture experience with projects using Agile and Iterative approach
  • Broad understanding of the following areas of security incident response core applications, including
    • Different phases of response
    • Vulnerabilities vs threats vs actors
    • Indicators of compromise (IOCs)

Benefits Offered

AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.

Equal Employment Opportunity

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.