As an Incident Responder, you will have the opportunity to step onto a fintech unicorn rocketship and make an impact on the business.
Who are Tipalti
Tipalti is one of the most exciting fintechs in the world; our Series F funding raised $270 million, valuing us at over $8.3 billion. We are on a journey to transform financial operations for high-velocity organizations to rival those of the Fortune 5000.
You will be responsible for the following:
- Threat hunt inside Tipalti environments to discover existing malware or threat actors that have compromised the network.
- Handle incident response cases from start to finish, including identifying the threats, machine/network/cloud forensics, creating timelines, and consulting external vendors on IR and mitigation steps.
- Produce reports on Tipalti threat hunting / incident response cases.
- Research emerging attacks, technologies, threats, and vulnerabilities in SaaS and enterprise products and create actionable alerting scenarios to catch them through the Tipalti SIEM solution.
- Investigate logs from security systems to detect intrusions or misconfigurations and create detections based on your findings.
- Write detection rules documentation with actionable recommendations for mitigations.
- Investigate anomalies and incidents and create custom detections and next step recommendations.
Responsibilities:
- Manage and coordinate the Tipalti cyber incident process with the Tipalti SOC team.
- On-demand threat-hunting activities on multiple cloud environments and SaaS applications.
- On-demand incident response for serious incidents raised by our Tipalti SOC team.
- Research new attack vectors, including their identification and related mitigations, across the enterprise IT landscape.
- Collaborate with Product and Engineering to leverage research findings to evolve Tipalti product and knowledge base.
- Be a knowledge source for new and emerging threats, incident response processes, and threat-hunting activities including mentoring the team on your findings and methods.
- Evaluate & recommend new security technologies and help shape the product with your insights and expertise.
- Provide regular updates on internal research findings.
- On-call availability off working hours.
About you:
Your background includes:
- 5+ years of experience in hands-on threat hunting and incident response in large, complex security organizations and a proven track record in cybersecurity research, specializing in either APTs or cybercrime.
- Hands-on experience in threat hunting and incident response on cloud environments (AWS) and SaaS products (JumpCloud, Google Workspace, GitHub, etc.).
- Experience in securing on-prem, cloud and SaaS environments and how organizations protect themselves from attacks (including hands-on experience with common tools and products - FW, IDS/IPS, WAF, EDR, SIEM, VA, CSPM/DSPM, IAM, etc.), and familiarity with common cloud and SaaS attack vectors and misconfigurations.
- Hands-on experience with machine forensics including analyzing disk, memory, and network artifacts on Windows and Linux machines.
- Hands-on experience with query languages (Kibana/KQL/Lucene, Splunk), working with JSON files and writing complex queries and rules.
Your skills include:
- An innovative mind with keen attention to detail and the ability to set their own goals and parameters for success, and to investigate and implement solutions and recommendations for the customer's benefit.
- Solid understanding of the cyber security kill chain (MITRE ATT&CK/D3FEND), identifying security vulnerabilities, typical attacker exploit techniques, and related mitigations and remediations.
- Great communication skills - fluent in English, spoken and written, with a positive and helpful
As an advantage:
- Development of threat hunting automation (threat hunting scripts, IOC gathering scripts) - a big plus.
- Hands-on experience with malware analysis / DFIR in a custom-built sandbox environment (dynamic and static, including tools like IDA Pro, OllyDbg, Wireshark) - advantage.
- Reverse engineering experience - advantage.
Companies like Twitch, Twitter, GoDaddy, and Roblox entrust Tipalti to scale their business rapidly and dramatically reduce finance friction. Headquartered in San Mateo, California, we're a well-funded startup with a multi-billion dollar valuation.
But beyond the technology and impressive growth, Tipalti is fueled by a commitment to our customers. We work hard for our 98% customer retention rate, built on trust and reliability. Tipalti means "We handled it," a mission our customers know we deliver on consistently.
Around personal growth and wellness, Tipalti offers competitive benefits, a flexible workplace, career coaching, and an environment where you can thrive and be an impact player! Our culture ensures everyone checks their egos at the door and stands ready to reach success together. We also dedicate ourselves to