Team and Role Overview

The Response Engineering team is the last line of defense of protection against adversaries and responsible for remediating threats detected in the MetLife environment. Being a Response Engineer puts you in the pilot seat of defending against cyberattacks while creating solutions to automate and scale response actions. We strongly believe in quickly responding to and remediating security threats allowing leadership to focus on their business objectives.

The Response Engineering team has extensive experience conducting investigations on endpoints, servers, and emerging threat surfaces such as identity, email, SaaS, and cloud. The team utilizes a range of techniques such as analyzing telemetry data from security platforms, malware analysis, and threat hunting. We take advantage of SOAR capabilities to perform immediate actions when threats are detected. As Response Engineers, one of our goals is to identify opportunities to increase our efficiency and ensure we minimize the amount of time customer environments remain vulnerable. We do this by finding creative and innovative ways to use existing tooling to add into our arsenal while decreasing the amount of time it takes to respond to an incident and allowing the business to return to a normal operating status.

Key responsibilities

• Assume a SME role, taking ownership of tooling and processes, driving enhancements to elevate team capabilities.

• Utilize MetLife’s security products to analyze, contain, and remediate threats.

• Identify effective response strategies to further enhance the MetLife security posture.

• Actively engage and collaborate with the Detection Engineering, Threat Hunting, and Engineering teams to develop new ways of performing timely remediation of identified threats.

• Contribute technical content such as playbooks, scripts, and automation tooling to enhance processes, investigation workflows, and infrastructure.

• Engage with internal and external customers to resolve cybersecurity incidents.

• Take part in an on-call rotation responding to escalations from the SOC.

Essential Business Experience & Technical Skills

Requirements:

• 2+ years of Incident Response or comparable industry experience (threat hunting, threat detection and response, malware analysis, etc).

• 2+ years working knowledge and experience with one or more scripting languages: Bash, Perl, Python, JavaScript, PowerShell, KQL.

• Successful completion of one or more of the following certifications: CISSP, OCSP, CEH, GCIA, GCIH, GCFA, CYSA, Security+.

• 2+ years’ experience with Endpoint Detection and Response (EDR) products including CarbonBlack, CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, and Palo Alto Cortex.

• 2+ years’ experience with or the capacity to learn how to analyze telemetry from and within various email, identity, and cloud computing technologies including, but not limited to, AWS, Azure, Google Cloud Protection and Okta, Microsoft Entra ID.

• 2+ years’ experience understanding the internal system functionality of Windows, MacOS and Linux operating systems with the ability to perform deep forensics.

Preferred:

• Strong analytical, investigative, and problem-solving skills.

• Ability to work in a fast-paced, operational environment and successfully prioritize important tasks.

• Professional and articulate with excellent written and verbal communication skills.

• Deep interest in understanding and staying current with the latest adversary tactics and techniques.

• Understanding of enterprise technology, network controls, cloud environments, and security operations

• Understanding of security principles as it relates to email, identity, and cloud computing environments.

• Understanding of network communication.

Equal Employment Opportunity/Disability/Veterans

If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.

MetLife maintains a drug-free workplace.