Security Engineer

About The Position

Requirements

• Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
• SIEM administration, configuration experience
• Experience writing tools to automate tasks and integrate systems in Python or other language
• The ability to think creatively to find elegant solutions to complex problems
• Excellent verbal and written communication skills
• Incident handling/response experience
• The desire to work both independently and collaboratively with a larger team
• A willingness to be challenged along with a strong appetite for learning
• 2-4 years of experience in Information Security, Incident Response, security automation, etc.
• Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
• Knowledge of common security analysis tools & techniques
• Understanding of common security threats, attack vectors, vulnerabilities, and exploits
• Knowledge of regular expressions
• Customer service focused and portrays energy, professionalism, and welcoming characteristics.
• Strong ability to work in a highly sensitive and confidential environment.
• Ability to meet deadlines and handle sensitive and pressured situations.
• Ability to identify issues and help develop strategy and tactical plans for various department initiatives.
• Ability to use good judgment and decision-making skills
• Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experience
• One or more of the following certifications: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer

Responsibilities

• Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
• Partner with client Security team and other AHEAD Managed Security and in the design and implementation of new data visualizations and custom detection rules
• Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
• Attend client-facing security meetings and provide updates to SOC metrics, ongoing projects, and technical issues
• Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
• Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
• Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
• Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD support to the client
• Perform configuration and content development including index lifecycle management, data ingestion, detection rule tuning and more within the SIEM platform
• Perform robust capacity planning activities within SIEM platform to ensure data source ingestion remains within contracted scope
• Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
• Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions

Benefits

• Medical, Dental, and Vision Insurance
• 401(k)
• Paid company holidays
• Paid time off
• Paid parental and caregiver leave