Threat & Incident Response Engineer

Drive Your Career

Lear Corporation is the leading Tier 1 automotive supplier serving all of the world’s major automotive manufacturers with our world-class automotive seating and automotive electrical products. Our products are developed and produced by a diverse, talented team of more than 165,000 people. With operations in 39 countries, Lear operates in every major automotive manufacturing region in the world. For our globally positioned and successful teams, we are looking for dedicated talent with a zest for action and enthusiasm. If you love challenges, want to experience unrestrained development opportunities, and want recognition that pays off, then you’ve come to the right place with Lear.


As a member of Information Security’s Threat and Vulnerability Management team, the Threat and Incident Response Engineer will be responsible for monitoring, investigating and responding to security incidents and managing various security tools used within Lear. The engineer will also work with and support an MSSP providing SOC and Vulnerability Management services.

The Role:

Your work will include, but not be limited to:

  • Perform tier three analysis conducting host forensics, network forensics, log analysis, and malware triage in support of incident response investigations in order to determine root cause
  • Identify key data points regarding information security incidents, such as root-cause analysis, possible attack methods and techniques, malware infection and persistence methods, etc.
  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Build scripts, tools, or methodologies to enhance incident investigation processes
  • Implement integration/orchestration of existing and new forensic infrastructure and tools
  • Perform as an Information Security SME in the following areas:
    • Digital Forensics
    • Incident Response
    • Log analysis
    • Popular operating systems (Windows, Mac, Linux, Android, etc.)
    • Networking (Firewalls, IDS/IPS, packet capture)
    • Other security related disciplines

Your Qualifications:

  • Preferred experience as a CrowdStrike Falcon Responder and/or Administrator
  • 5+ years overall technical experience in forensics, threat intelligence, incident response, security operations, or a related technical information security field
  • Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, and HTTP
  • Strong and recent experience with malware analysis and reverse engineering
  • Expert understanding of large, complex corporate network environments
  • Experienced with one or more of the following: EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open-source forensic tools
  • Ability to communicate technical details in clear and concise terms to senior management
  • Deep understanding of Linux, Windows, malware analysis, host- and network-based forensics, memory forensics and network traffic analysis
  • Experience developing scripts and automating tasks to enhance investigations

Bonus If You Have:

  • Strong working knowledge and experience in Splunk, Qualys, Proofpoint, McAfee, CyberArk, Duo
  • Security certifications including but not limited to CISSP, CRISC, CEH, CISM, GIAC, OSCP, OSCE
  • Experience working in an Information Security team in the automotive field

Lear Corporation is an Equal Opportunity Employer, committed to a diverse workplace.

Applicants must submit their resume for consideration using our applicant tracking system. Due to the high volume of applications received, only candidates selected for interviews will be contacted. Candidates must be legally authorized to work in the United States without sponsorship. Unsolicited resumes from search firms or employment agencies, or similar, will not be paid a fee and will become the property of Lear Corporation.
