Security Engineer

AHEAD is a company that builds platforms for digital business, focusing on cloud infrastructure, automation, analytics, and software delivery to enable digital transformation. The Security Engineer role is a client-facing, technical position responsible for implementing and maintaining cloud-based SIEM solutions and supporting the Managed Security program. The role involves collaboration with client security teams, incident detection and response, and continuous improvement of security monitoring and incident response processes.

Responsibilities:

• Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
• Partner with client Security team and other AHEAD Managed Security and in the design and implementation of new data visualizations and custom detection rules
• Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
• Attend client-facing security meetings and provide updates to SOC metrics, ongoing projects, and technical issues
• Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
• Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
• Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
• Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD support to the client
• Perform configuration and content development including index lifecycle management, data ingestion, detection rule tuning and more within the SIEM platform
• Perform robust capacity planning activities within SIEM platform to ensure data source ingestion remains within contracted scope
• Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
• Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions

Requirements:

• Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
• SIEM administration, configuration experience
• Experience writing tools to automate tasks and integrate systems in Python or other language
• The ability to think creatively to find elegant solutions to complex problems
• Excellent verbal and written communication skills
• Incident handling/response experience
• The desire to work both independently and collaboratively with a larger team
• A willingness to be challenged along with a strong appetite for learning
• 2-4 years of experience in Information Security, Incident Response, security automation, etc
• Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
• Knowledge of common security analysis tools & techniques
• Understanding of common security threats, attack vectors, vulnerabilities, and exploits
• Knowledge of regular expressions
• Customer service focused and portrays energy, professionalism, and welcoming characteristics
• Strong ability to work in a highly sensitive and confidential environment
• Ability to meet deadlines and handle sensitive and pressured situations
• Ability to identify issues and help develop strategy and tactical plans for various department initiatives
• Ability to use good judgment and decision-making skills
• Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experience
• One or more of the following certifications: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer