Staff Information Security Engineer

The Challenge

Qualtrics is growing exponentially, both in terms of customers and new services, which inevitably results in an ever-expanding threat landscape. We must continuously evaluate how we secure our data and identify potential threats, both current and future ones. We are looking for an experienced security engineer capable of driving strategy around threat hunting and intelligence collection to provide the company with a decision advantage; leading execution of a program to enhance our proactive detection and response capabilities; and supporting other InfoSec organizations in Cybersecurity Risk Management and Threat Modelling, as well as providing in-depth Incident Response support in complex cases, up to and including forensic analysis and reverse engineering of malware.

Expectations for Success

  • Minimum of a BS degree, preferably in IT Engineering, Computer Science, or any other IT-related field of study or equivalent relevant experience
  • 8+ years of experience in the Information Security field.
  • 5+ years of prior SOC and/or Incident Response, Threat Hunting, Cyber Threat Intelligence experience.
  • Ability to lead an Incident Response Team and respond to emergency calls during non-business hours, as needed.
  • Experience with incident response forensic and malware analysis.
  • Possess the ability to react quickly, decisively, and deliberately.
  • Excellent verbal and written communication skills.
  • Proactive, self-managed, and able to interface well with interdisciplinary teams across the organization, including executive leadership.
  • Experience performing analysis utilizing SIEM, SOAR, EDR, IPS, Firewalls and HIDS/HIPS technologies.
  • Experience in analyzing large datasets.
  • Experience with cloud computing and AWS services.
  • In-depth knowledge on the cyber threat landscape, including threat actors, advanced cybercrime, attack types, tactics, techniques and procedures
  • Experience in the preparation and production of written intelligence products.
  • Strong experience and understanding of intelligence processes: analytical methods, the intelligence cycle, intelligence collection.
  • Strong understanding of networking and associated protocols.
  • Experience with MITRE ATT&CK, Cyber Kill Chain, NIST/SANS Incident Response Plan, Diamond Model.
  • Experience in Threat Hunting with tools such as VirusTotal Intelligence, Certificate Transparency logs, Shodan, Censys etc.
  • Experience in using commercial and open source tools to research external threat actors and threat actor groups.
  • Knowledge of STIX/TAXII, SIGMA, DISA STIGs.
  • Experience with multiple operating systems with a System Administrator level skill set on Windows, MacOS and Linux.
  • Basic development skills including scripting (e.g. Python, shell scripting).
  • GIAC (GCFA, GCTI, GREM), CISSP, OSCP or other security certifications are strongly preferred, but not required.

A Day in the Life

  • Support SOC/IR team during high and critical incidents.
  • Provide leadership, mentoring, and training to SOC/IR/TH team personnel and to other Qualtrics stakeholders and the Qualtrics Information Security Team.
  • Provide training and coaching for junior SOC/IR Engineers.
  • Perform network and endpoint forensics to establish attack scope and root cause analysis.
  • Perform malware analysis.
  • Ensure communication and escalation of security activities to leadership.
  • Perform additional analysis of escalations from SOC engineers and conduct incident review.
  • Develop and improve attack remediation strategies, incident handling processes, standard operating procedures, playbooks, and automations.
  • Identify and develop new technical intelligence sourcing, collection, and enrichment capabilities.
  • Conduct proactive research to identify and analyze new and emerging cyber threats, including malicious infrastructure, tooling, and techniques.
  • Produce detailed technical analysis on cyber threats.
  • Identify alerting gaps and develop strategies to increase threat detection coverage.
  • Identify process gaps across the company and propose process improvements.
  • Support FedRAMP, ISO27001, SOC, HITRUST, and other audit activities for security operations and incident response.

What differentiates us from other companies:

  • Work life integration is deeply important to us - we have frequent office events, team outings, and happy hours
  • We take pride in our office design, which aims to cultivate creativity, from our rooftop views to an open and collaborative workspace
  • On top of the standard benefits package (medical, dental, vision, life insurance, etc) we provide snacks, drinks, and free lunches in our office

Qualtrics Work Experience - As we look to the future, we believe that our teams are better together. Being together will help us learn more, grow faster and ultimately deliver better results for our customers and Qualtrics. Roles tied to an office location work 4 days per week in the office together and 1 day from home, with a strong spirit of flexibility around taking time for personal, health, and family moments in our work weeks. Our managers work with their teams to create a collaborative, engaged work environment and an arrangement that works for each of our team members.

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic. 

Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act, Equal Opportunity Employment, Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.
