Incident Response Engineer

When you join Trend, you become part of a unique and diverse global family and you get to work towards a world safe for exchanging digital information.

ABOUT TREND MICRO 

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. For additional information, visit www.trendmicro.com

POSITION OVERVIEW

The Incident Response Engineer with (MMEA/Egypt) supports Trend Micro efforts to provide incident response and analytic capabilities to technical support cases submitted to Trend Micro, as well as to the Managed Detection and Response Operations. The Incident Response Engineer has technical knowledge and experience performing incident response, network monitoring, and has performed related malware analysis. The Incident Response Engineer should be a strong leader with the ability to perform multiple types of analysis roles independently or co-working with a Security Operations Center includes providing mitigation recommendations. Finally, the Incident Response Engineer shall at times deliver senior level briefings that address cases or ongoing investigations.

PRIMARY RESPONSIBILITIES & EXPERIENCE

• Oversee all incident responses, from detection to incident resolution.
• Serve as a contact point for suspicious and malicious events escalated by technical support cases, as well as from the Trend Micro threat hunting efforts and Incident Response Operations.
• Collect and preserve digital evidence for analysis using traditional DFIR and XDR methods.
• Analyze different digital forensic artifacts, network traffic, security events to perform root cause analysis and summarize all investigation and conclusion in an incident report.
• Differentiate between potential intrusion attempts and false alarms, evaluating unknown or suspicious activity as well as consulting on measures to mitigate their impact on availability and productivity.
• Review and analyze technical components of malware and other related threat activities in security-related events and different data sources to develop and refine detection criteria, as well as generate threat intelligence.
• Compose security alert notifications and other communications.
• Stay up to date with current vulnerabilities, attacks, and countermeasures.
• Explain different threats to both technical and non-technical parties who do not necessarily have relevant background and provide consultancy on how to improve security posture to prevent relative threats.
• Occasional evenings and weekends may be required.

Required/Mandatory Qualifications:

• A degree in a related field such as Digital Forensics, security, computer engineering, computer science, Communication/Electronics engineering or equivalent professional certifications preferably GIAC/SANS (GEIR, GX-FA, and/or GCFA are a clear advantage)
• Eligible to work in Egypt and is ready to be resident in Cairo (or around it) starting 1st of September. Role is hybrid, employee may be asked to regularly work from office few days per week.
• 3+ year experience in a full-time security position involving threat detection investigation and response.
• Sufficient knowledge of different security controls
• Sufficient Knowledge of common enterprise’s IT infrastructure (Network and different types of OS)
• Sufficient knowledge on adversary Tactics, Techniques, and procedures
• Experience with log analysis, event correlation and incident management procedures and systems, as well as knowledge of host and network log sources.
• Experience with host-based digital forensics and threat hunting.
• Aptitude for learning, being self-directed, and being capable of working in critical incidents.
• Must have powerful sense of duty, diligent in investigation.
• Ease of communication to internal and external stakeholders in English and Arabic. Communication may include reports, presentations, verbal instant updates or others.

Preferred Qualifications (any of the below skills would be a plus but they are not mandatory):

• Experience in IR readiness and SOC maturity Consultancy.
• Familiarity with Trend Micro products and technology
• Malware analysis and threat detection engineering
• Coding ability using any scripting language

Trend Micro strive to build an environment of equity and inclusion, which reflects diverse points of view. We welcome, value, promote, and celebrate diversity - the very experiences and attributes that make us who we are, including but not limited to race, ethnicity, nationality, gender, gender identification, sexual orientation, level of ability, age, religion, veteran status, socio-economic status, and political philosophy.

We embrace change, empower people, and encourage innovation. Join Trend Micro and Thrive with us.