OverviewWe are seeking a full-time
Senior Cyber Security Engineer at Garmin's U.S. headquarters in the Greater Kansas City area. In this role, you will be responsible for the analysis of digital evidence and investigation of computers in support of system and network vulnerability mitigation. This individual is responsible for conducting sensitive, complex investigations into cyber incidents, systems compromise, data loss, insider threats and other cyber incidents. This member of the Cyber Defense Forensics Security Team (CSIRT) will provide recommendations on security posture and architecture of systems or networks and ensure adherence to Garmin's information security strategy, policies, programs, and best practices. This individual will lead and organize collection, processing, preservation, analysis, and presentation of evidence in support of a wide array of investigations.
Essential Functions- Serve as a trusted advisor to other cybersecurity teams and to Garmin business segments on multiple domains in cybersecurity
- Mentor and develop a team of highly skilled security professionals, promoting knowledge transfer, skill development, and a culture of continuous learning and improvement
- Proactively evaluate and design improvements to tool integrations and workflows, developing advanced automation and scripts and optimizing the use of security tool APIs
- Lead planning for project components, provide reliable progress reporting, and ensure cross-team alignment on schedules, risks, and deliverables
- Design and develop complex, integrated solutions to meet business requirements and enhance the performance of Garmin's security systems
- Contribute to the team roadmap and priorities
- Collaborate with cross-functional teams to identify automation opportunities that increase efficiency and reduce manual processes
- Participate in the evaluation and adoption of emerging security technologies to improve threat detection, prevention, and response
- Advise leadership on strategic technology investments to advance cybersecurity engineering capabilities
- Creates opportunities to share knowledge, skills, and abilities with other team members to further their professional development through training, mentoring, and hands-on assistance as appropriate
- Apply experience of investigative techniques in responding to host and network-based anomalies
- Evaluate system log files, acquired evidence, and other information to determine best methods for identifying and responding to the source of the incident or possible threats to security
- Coordinate closely with security operations center to determine scope, urgency, and potential impact, identifying possible specific vulnerabilities and making recommendations to expedite remediation
- Conduct host and network forensic analyses in and for both Windows, Linux, and MacOS environments and examine the recovered data for information of relevance to the investigation at hand
- Collect and analyze intrusion artifacts to include portable executables, malware, and system configuration and use the discovered data to enable mitigation of cyber defense incidents within the enterprise
- Develop malware analysis procedures using static and dynamic approaches to identify characteristics, capabilities, and an understanding of its functions so defensive actions can be taken
- Extract from memory and storage media files, malicious software, and forensics artifacts for analysis and provide detailed technical data as appropriate
- Conduct code analysis and possess a working background in programming languages and ASM
- Possess the ability to build and maintain malware analysis environments using cloud, virtual, and bare metal systems architectures that give insight into system and network behaviors
- Conduct and document cyber threat research using OSINT, incident response engagement data, and proprietary tool telemetry to produce intelligence threat assessments and threat actor summary products
- Evaluate and organize threat actor tools, tactics, and procedures (TTPs) according to MITRE ATT&CK and adjust collection, detection, or visibility within the enterprise once coverage gaps have been identified
- Function in a collaborative environment, providing continuous consultation with other analysts and experts-both internal and external to the organization-leveraging your analytical and technical expertise
Basic Qualifications- Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Business or another relevant field AND a minimum of 5 years of relevant experience OR an equivalent combination of education and relevant experience
- Leads clear, concise, and influential communication across teams and stakeholders
- Fosters collaboration, demonstrating leadership in team dynamics and maintaining a positive, solution-oriented approach
- Serves as a go-to problem solver for complex or ambiguous challenges, consistently delivering effective solutions and guiding others through problem-solving approaches
- Effectively prioritizes complex workloads and ensures timely follow-up on commitments
- Produces comprehensive, high-quality documentation and promotes best practices for organization and clarity
- Experience leading complex security engineering initiatives and mentoring team members on best practices in security operations and automation
- Strong understanding of core information technology services such as networking, storage, databases, and web-based services
- Possesses solid experience and working knowledge in cybersecurity, including threat modeling, adversary attack methodologies, incident handling, and triage
- Skilled in using common forensics tools such as EnCase, FTK, SleuthKit/Autopsy, Volatility, or similar solutions
- Proficient in conducting network, host, and memory forensics (including live response) across Windows, Mac, and Linux systems
- Demonstrates working proficiency with scripting or programming in Bash, Python, PowerShell, or Ruby
- Familiar with malware analysis procedures, using static and dynamic techniques to identify characteristics, capabilities, and potential impact
- Capable of extracting malicious software and forensic artifacts from memory or storage media and performing basic to intermediate analysis of the collected material
- Able to review and interpret code, with a foundational understanding of common programming languages and assembly concepts
- Experience setting up and maintaining malware analysis environments using cloud, virtual, or bare-metal systems to observe system and network behaviors
- Skilled in conducting cyber threat research using OSINT, incident data, and tool telemetry to develop threat summaries or assessment reports
- Experience organizing threat actor tools, tactics, and procedures (TTPs) in alignment with frameworks such as MITRE ATT&CK,and supporting improvements to detection and visibility
Desired Qualifications- Cybersecurity certifications such as CISSP, CCSP, ISSEP, etc.
- Experience with Azure or AWS public cloud services
- Certifications such as SSCP (Systems Security Certified Practitioner), SANS - GREM (GIAC Reverse Engineering), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), GCIH (GIAC Certified Incident Handler), FTK ACE (AccessData Certified Examiner, EnCase EnCE (Certified Examiner), or similar are highly desirable
Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability.
This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits
Never miss an opportunity! Create an alert based on the job you applied for.
