Digital Forensics Engineer

At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you'll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.

You will have a key role in cybersecurity incident response ensuring rapid and effective response to security threats that affect Sonos' systems, services, or products. In doing so, you will be helping to protect customers and enable Sonos to continue to deliver delightful sound experiences to our customers worldwide.

What You'll Do

• Lead computer forensic investigations and electronic discovery requests using forensic methodology and tools.
• Perform detailed investigations and analysis of security-related findings escalated from the SOC.
• Participate in Cyber Threat Intelligence (gather and operationalize data, including hunt activities).
• Occasionally act as incident commander and drive security incidents to closure.
• Communicate and document forensic and hunt activities and preserve evidence in an organized manner.
• Perform root cause analysis, participate in lessons learned activities, and contribute to action plans that will prevent or mitigate against future incidents.
• Develop and maintain playbooks and monitoring use cases.
• Participate in on-call rotation.

What You'll Need

Basic Qualifications

• 3+ years of professional work experience in a technology field where you solved complex problems through influence and strong organizational skills.
• 3+ years demonstrated experience in digital forensics and investigations, specifically in areas such as vulnerability and exploit reverse engineering, host forensics, malware analysis, network traffic analysis, forensic evidence collection and preservation, adversary hunting, and red teaming.
• Experience with cyber security incidents of different types, including malware compromise, adversary investigations, malicious insider, web application attacks, and data breaches.
• The ability to maintain a professional approach and organize your work while under pressure.
• Be able to communicate complex and technical issues to diverse audiences, verbally and in-writing, including in ways that a non-security technical audience can easily understand.

Preferred Qualifications

Working knowledge of a range of security-related subjects and relevant certifications.

#LI Remote