AHEAD builds platforms for digital business and is seeking a Dedicated Security Engineer to implement and maintain cloud-based SIEM solutions. The role involves monitoring client environments, collaborating with client security teams, and enhancing managed security support.
Responsibilities:
- Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
- Partner with the client security team and other AHEAD Managed Security resources in the design and implementation of new data visualizations and custom detection rules
- Tune rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
- Attend client-facing security meetings and provide updates on SOC metrics, ongoing projects, and technical issues
- Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
- Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
- Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
- Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD's support of the client
- Perform configuration and content development within the SIEM platform, including index lifecycle management, data ingestion, and detection rule tuning
- Perform robust capacity planning within the SIEM platform to ensure data source ingestion remains within contracted scope
- Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
- Mine log sources to uncover and investigate anomalous activity and related items of interest
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions
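The onboarding and tuning tasks listed above (ingestion, normalization, enrichment, threshold-based detection, and rule tuning to cut false positives) can be seen end to end in the following Python script. It is an added illustration, not AHEAD's code or anything from the posting: it parses a constructed sshd syslog sample with a regular expression, maps the fields onto ECS-style names as an Elastic ingest pipeline would, enriches each event from a hypothetical CMDB table, and runs a failed-login threshold rule whose exclusion list is the tuning knob an analyst would adjust. The host names, IP addresses, the `CMDB` dict, the `INTERNAL_NETS` list and the field choices are all assumptions.

```python
"""Log source onboarding walk-through: parse -> normalize -> enrich -> detect -> tune.

Added example; all sample data and lookup tables below are constructed, not real.
"""
import ipaddress
import re
from collections import Counter
from typing import Optional

# Constructed sshd syslog sample (not real data). The last line is deliberately a
# message shape the parser does not know, to show how unparsed input is handled.
SAMPLE_LOG = """\
Jan 12 10:01:03 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Jan 12 10:01:05 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 51123 ssh2
Jan 12 10:01:07 web01 sshd[2211]: Failed password for root from 198.51.100.23 port 51124 ssh2
Jan 12 10:01:09 web01 sshd[2212]: Failed password for root from 198.51.100.23 port 51125 ssh2
Jan 12 10:01:11 web01 sshd[2213]: Failed password for root from 198.51.100.23 port 51126 ssh2
Jan 12 10:02:00 web01 sshd[2220]: Accepted publickey for deploy from 10.0.0.5 port 40000 ssh2
Jan 12 10:03:00 web01 sshd[2221]: Failed password for deploy from 10.0.0.5 port 40001 ssh2
Jan 12 10:03:01 web01 sshd[2222]: Failed password for deploy from 10.0.0.5 port 40002 ssh2
Jan 12 10:03:02 web01 sshd[2223]: Failed password for deploy from 10.0.0.5 port 40003 ssh2
Jan 12 10:03:03 web01 sshd[2224]: Failed password for deploy from 10.0.0.5 port 40004 ssh2
Jan 12 10:03:04 web01 sshd[2225]: Failed password for deploy from 10.0.0.5 port 40005 ssh2
Jan 12 10:04:00 web01 sshd[2230]: Connection closed by 10.0.0.5 port 40006
"""

# Hypothetical CMDB lookup and internal address ranges used for enrichment (assumptions).
CMDB = {"web01": "prod"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Regex covering the two sshd message shapes the example cares about.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) ssh2$"
)


def normalize(line: str) -> Optional[dict]:
    """Map one raw sshd line onto ECS-style field names; None if it does not parse."""
    m = SSHD_RE.match(line)
    if m is None:
        return None
    return {
        # Syslog timestamps carry no year or zone; a real pipeline adds both at ingest.
        "@timestamp": m["ts"],
        "host.name": m["host"],
        "process.pid": int(m["pid"]),
        "event.category": "authentication",
        "event.outcome": "success" if m["outcome"] == "Accepted" else "failure",
        "user.name": m["user"],
        "source.ip": m["ip"],
        "source.port": int(m["port"]),
    }


def enrich(event: dict, cmdb: dict) -> dict:
    """Add context a detection rule can key on: environment tag and internal/external flag."""
    ip = ipaddress.ip_address(event["source.ip"])
    event["host.environment"] = cmdb.get(event["host.name"], "unknown")
    event["source.is_internal"] = any(ip in net for net in INTERNAL_NETS)
    return event


def onboard(raw: str, cmdb: dict):
    """Parse, normalize and enrich every line. Unparsed lines are returned separately
    so they can be routed to a dead-letter index for review instead of silently dropped."""
    events, rejected = [], []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = normalize(line)
        if ev is None:
            rejected.append(line)
        else:
            events.append(enrich(ev, cmdb))
    return events, rejected


def detect_bruteforce(events, threshold=5, exclude_sources=frozenset()):
    """Threshold rule: `threshold` or more auth failures from one source against one host.
    `exclude_sources` is the tuning knob: vetted noisy sources an analyst chose to suppress."""
    counts = Counter()
    for ev in events:
        if ev["event.outcome"] != "failure" or ev["source.ip"] in exclude_sources:
            continue
        counts[(ev["source.ip"], ev["host.name"])] += 1
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    evs, bad = onboard(SAMPLE_LOG, CMDB)
    print(f"normalized {len(evs)} events, {len(bad)} unparsed")
    print("untuned:", detect_bruteforce(evs))
    print("tuned:  ", detect_bruteforce(evs, exclude_sources={"10.0.0.5"}))
```

Run untuned, the rule fires on both the external scanner and the internal 10.0.0.5 host; after an analyst confirms the internal failures are a known deployment account and adds that source to the exclusion list, only the external source remains. The rejected line is kept rather than discarded so that coverage gaps in the parser show up as a measurable count during onboarding.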
Requirements:
- Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
- SIEM administration and configuration experience
- Experience writing tools to automate tasks and integrate systems in Python or another language
- The ability to think creatively to find elegant solutions to complex problems
- Excellent verbal and written communication skills
- Incident handling/response experience
- The desire to work both independently and collaboratively with a larger team
- A willingness to be challenged along with a strong appetite for learning
- 2-4 years of experience in Information Security, Incident Response, security automation, etc.
- Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
- Knowledge of common security analysis tools & techniques
- Understanding of common security threats, attack vectors, vulnerabilities, and exploits
- Knowledge of regular expressions
- Customer-service focused, with energy, professionalism, and a welcoming manner
- Strong ability to work in a highly sensitive and confidential environment
- Ability to meet deadlines and handle sensitive and pressured situations
- Ability to identify issues and help develop strategy and tactical plans for various department initiatives
- Ability to use good judgment and decision-making skills
- Bachelor's degree in Computer Science, Information Security or related/equivalent educational or work experience
- One or more of the following certifications: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer