Security Engineer
United States
Full Time
3 weeks ago
$100,000 - $130,000 USD
No Visa Sponsorship
Key skills
ElasticSearchLogstashPythonData MiningElasticsearchKibanaCommunicationFirewall
About this role
Role Overview
- Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
- Partner with client Security team and other AHEAD Managed Security and in the design and implementation of new data visualizations and custom detection rules
- Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
- Attend client-facing security meetings and provide updates to SOC metrics, ongoing projects, and technical issues
- Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
- Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
- Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
- Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD support to the client
- Perform configuration and content development including index lifecycle management, data ingestion, detection rule tuning and more within the SIEM platform
- Perform robust capacity planning activities within SIEM platform to ensure data source ingestion remains within contracted scope
- Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
- Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions
Requirements
- Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
- SIEM administration, configuration experience
- Experience writing tools to automate tasks and integrate systems in Python or other language
- The ability to think creatively to find elegant solutions to complex problems
- Excellent verbal and written communication skills
- Incident handling/response experience
- The desire to work both independently and collaboratively with a larger team
- A willingness to be challenged along with a strong appetite for learning
- 2-4 years of experience in Information Security, Incident Response, security automation, etc.
- Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
- Knowledge of common security analysis tools & techniques
- Understanding of common security threats, attack vectors, vulnerabilities, and exploits
- Knowledge of regular expressions
- Customer service focused and portrays energy, professionalism, and welcoming characteristics.
- Strong ability to work in a highly sensitive and confidential environment.
- Ability to meet deadlines and handle sensitive and pressured situations.
- Ability to identify issues and help develop strategy and tactical plans for various department initiatives.
- Ability to use good judgment and decision-making skills
Tech Stack
- ElasticSearch
- Logstash
- Python
Benefits
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See benefits https://www.aheadbenefits.com/ for additional details.