Senior Cyber Security Investigator
CLEAR makes life easier and more secure by using biometrics – your fingerprints, eyes and face – to confirm that you are you, and keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet or phone. Now in 45+ airports and other venues nationwide, you are your ID, credit card, ticket, reservation and more with CLEAR.
We’re defining and leading an entirely new industry, moving quickly with data-informed decisions, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List and winner of the SXSW Interactive Innovation Award, we’re working tirelessly to create frictionless customer experiences for our 3+ million members across the country.
We are looking for a Senior Cyber Security Investigator to join the Incident Response team who has a strong drive to solve security challenges within a rapidly expanding organization and the desire to implement best-in-class security measures using cutting edge technology. The right person for this role has a proven track record of delivering high-quality security solutions in a fast-paced, scaling environment.
What you will do:
- Conduct technical cyber and physical security investigations
- Create and support investigative and forensic documentation
- Develop detection logic for malicious indicators and behaviors in our SIEM
- Perform forensic analysis with EDR tools and disk imaging software
- Operationalize the detection of attacker TTPs
- Develop, curate, integrate and operationalize Threat Intelligence Feeds
- Represent CLEAR in threat intelligence information sharing programs
- Perform network, endpoint, and identity log analysis across multiple environments to detect compromised identities and machines
- Work with investigation playbooks in our SOAR appliance (Python scripting)
- Participate in attacker simulation exercises (Red Team)
Who you are:
- You have led other investigation and response teams
- At least 4 years of experience in a Security Operations Center (SOC) or similar investigation center
- At least 2 years of experience in Incident Response in a corporate enterprise
- Performed forensic investigations on Mac and Windows machines
- Experience performing investigations in AWS cloud environments
- Experience in fast-paced investigations
- Experience with programming or scripting languages (Python/Bash)
- Ability to present highly technical information to non-technical audiences