Security Operations Engineer, Information Technology
Job Summary and Mission
This position contributes to Starbucks success by using a variety of tools to investigate alerts, indicators of compromise, log data and operational health for the Starbucks Security platform. The Security Operations Center Team (SOC Team) is accountable for monitoring and responding to alerts generated by internal tools, external monitoring and threat intelligence for Starbucks Global Platform.
Models and acts in accordance with Starbucks guiding principles.
Summary of Key Responsibilities
Responsibilities and essential job functions include but are not limited to the following:
- Monitor and analyze log events generated from a variety of platforms including the SIEM, IDS/IPS, firewalls, WAFs, antivirus and application logs
- Review threat intelligence reports and feeds, make recommendations for profile or toolset changes based on reviews
- Investigate and determine if risk is present based on alerts
- Perform malware research and analysis
- Document and escalate or remediate events
- Perform daily, weekly, monthly and quarterly control activities required for internal compliance, SOX or PCI
- Participate in incident response activities and with appropriate teams
- Perform actions required for, and develop reports for, escalation of security events or investigations
- Provide feedback to engineering teams for modification of tools and improvements
- Facilitate remediation of threats by working with other IT teams or end users
- Monitor performance of key controls and/or systems and perform updates as required
Summary of Experience
- Experience in the field of digital forensic examination and/or eDiscovery fields. (3-5 years)
- 3-5 years of practical hands-on experience in the field of digital forensic investigation with direct experience in forensic image acquisition, preservation and handling is required.
- 2-3 years of practical hands-on experience with forensic platforms such as AccessData FTK or Guidance EnCase is required.
- 2-3 years of security incident handling experience is required.
- 1-2 years of practical hands-on experience working with eDiscovery platforms from vendors such as Nuix, AccessData, Exterro or Guidance is preferred.
- 1-2 years of practical hands-on experience working with the Cyber Kill Chain methodology in identifying and tracking attack progression is preferred.
- 1-2 years of practical hands-on experience in conducting memory analysis with tools such as AccessData FTK or Mandiant’s Redline is preferred.
- Practical hands-on experience with mobile device forensic analysis is desired.
- Certifications such as GCFE, GCFA, GREM are desired.
- Experience providing expert witness testimony is desired.
Required Knowledge, Skills and Abilities
- Ability to apply knowledge of multidisciplinary business principles and practices to achieve successful outcomes in cross-functional projects and activities.
- Identifies issues, presents findings, and suggests solutions to counterpart teams both internal and external to Information Protection Services.
- Relies on experience and judgment to accomplish goals set forth by the team.
- Knowledge and ability to apply process improvement principles.
- Chain of custody process and management.
- Filesystem structure and analysis.
- File carving and data extraction.
- Indicators of Compromise (IoC) and malware detection.
- Incident response and forensic process frameworks.
- Volatile data analysis.
- Understanding of how to create timelines from data drawn from multiple sources, and ability to analyze timelines to identify relevant events.
Starbucks is an equal opportunity employer of all qualified individuals, including minorities, women, veterans & individuals with disabilities. Starbucks will consider for employment qualified applicants with criminal histories in a manner consistent with all federal, state, and local ordinances.
Company Type: Public Company
Company Size: 10,001+