Principal Cybersecurity Incident Responder - Remote

The TJX Companies

Marlborough (MA)

Remote

USD 90,000 - 150,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Principal Cybersecurity Incident Responder to lead critical incident response efforts. This role involves managing the entire lifecycle of security incidents, from identification and containment to recovery and reporting. The successful candidate will bring expertise in incident management, malware analysis, and forensics, while fostering collaboration in high-pressure situations. Join a dynamic team that values curiosity and innovation, and contribute to enhancing cybersecurity practices in a rapidly evolving threat landscape. If you are passionate about cybersecurity and ready to make an impact, this opportunity is for you.

Qualifications

  • Expertise in security incident management and forensics.
  • Hands-on experience with forensic tools and malware analysis.

Responsibilities

  • Lead response efforts for security incidents from identification to recovery.
  • Collaborate with teams to enhance incident detection and response.

Skills

Incident Response
Malware Analysis
Forensic Investigation
Communication Skills
Networking
Threat Analysis

Education

Bachelor’s degree in Cyber Security
Equivalent experience in Information Technology

Tools

EnCase
FTK
EDR Technologies
SIEM Technologies

Job description

Principal Cybersecurity Incident Responder - Remote

Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?

What you will do

The Cybersecurity Incident Response team fulfills one of the most critical roles for IT Security – responding to detected or reported security incidents. The team evaluates information to identify incident impact, performs investigation, determines facts, coordinates containment and response, identifies recovery actions to prevent future recurrence, builds and issues executive communications, and provides reporting and trending for these security incidents. You will focus on incident response, malware reverse engineering, and host forensics. We are looking for you to bring expertise in at least ONE of those areas and a desire to learn more.

As a Principal Cybersecurity Incident Responder, you will lead response efforts for the entire lifecycle of security incidents: incident identification, scoping, assessing impact, partnering with the Global IT organization for containment and eradication, and communicating status and technical details to senior leadership and incident coordinators.

  • Evangelize IR program maturity and growth, including process and technologies; keep informed of the evolving threat landscape; and recommend advanced approaches and technologies for modernizing adversary detection and prevention.
  • Engage, invoke, and oversee 3rd party breach and forensic retainer service providers as needed.
  • Establish and mature forensic program incorporating best in class process and technology from Digital Forensics Incident Response (DFIR) community; conduct computer forensics of various information security incidents and suspicious events in the enterprise including mobile, server, cloud, and digital.
  • Collaborate with SOC Analysts and Incident Coordinators to develop and facilitate threat-based IR tabletops and simulation scenarios, raising awareness and identifying IR process improvement opportunities.
  • Partner with SIEM Engineering team to enhance telemetry and visibility for Incident detection and investigations.

Our team is looking for people with a passion for cyber security, intellectual curiosity, and willingness to drive better solutions and get results. We want associates that are familiar with fostering a strong collaborative environment in high-pressure situations, responding with appropriate speed and urgency to critical security issues. You will need the ability to pivot frequently between multiple conflicting high priority tasks, and demonstrate exceptional thoroughness in all aspects of incident analysis.

Successful candidates will have:
  • Expertise in security incident management techniques throughout the entire lifecycle: assessment, containment, restoration, documentation, evidence preservation, and forensics.
  • Demonstrated experience performing hands-on forensic investigations of mobile devices, servers, desktops, tablets, etc., and advanced working experience with one or more forensics tools (e.g., EnCase, FTK).
  • Considerable experience with malware detection, malware analysis, and reverse engineering malicious code.
  • Extensive hands-on experience in EDR technologies, malicious code analysis, packet capture analysis, identifying indicators of compromise (IOC), threat analysis, anomaly detection, next generation firewalls (NGFW), security information and event management (SIEM) technologies, and vulnerability assessment tools.
  • Strong understanding of networking, operating system platforms, relational database management systems, as well as cloud and hosting services.
  • Strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate cyber security concepts to technical and non-technical audiences.
  • Working understanding of compliance and contractual requirements for SOX, PCI, GDPR, etc.
Preferred Qualifications:
  • Bachelor’s degree or equivalent experience in Cyber Security, Information Technology, Information Assurance, or a related field.
  • 10+ combined years of incident response, malware analysis, and forensic investigation.
  • Familiarity with Security frameworks including NIST CSF, NIST 800-53, ISO27001, ISO27002, ISO27005, and other industry standards.
  • Certifications such as CISSP or comparable.