Security Engineer

The Managed Security Team at AHEAD monitors client environments and performs Incident Detection, Validation, and Reporting. The Dedicated Security Engineer will be responsible for the implementation and maintenance of our cloud-based SIEM Solutions and integrations with other technologies that support the Managed Security program’s success with a key AHEAD client. This is a client-facing, technical, hands-on position that requires someone with an understanding of the operations of a 24/7 SOC (Security Operations Center) and the needs of an enterprise cybersecurity team. We are looking for a candidate who has had a great deal of SIEM and security experience that will work closely with the client’s Security staff and with other highly technical members across multiple teams, both within AHEAD and the client, to continuously improve and enhance AHEAD’s Managed Security support to the customer. Incumbents will possess strong technical and analytical skills while providing accurate analysis of security related problems. They have a well-rounded networking background and are responsible for performing troubleshooting of client issues. This individual is user focused and works to resolve client needs in a timely manner. These needs may involve resolving hardware/software failures, investigating and responding to security threats, and making change requests to the security policy of company devices.

The Dedicated Security Engineer is responsible for the day-to-day management of the client instance of the SIEM platform used by the Managed Security Team to monitor the client environment and detect security threats including: index lifecycle management, data ingestion, normalization, and enrichment, dashboard design and creation, detection use case creation and tuning, and more. The Dedicated Security Engineer is expected to be familiar with a wide range of security tools and understand basic security fundamentals.

• Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
• Partner with client Security team and other AHEAD Managed Security and in the design and implementation of new data visualizations and custom detection rules
• Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
• Attend client-facing security meetings and provide updates to SOC metrics, ongoing projects, and technical issues
• Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
• Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
• Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
• Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD support to the client
• Perform configuration and content development including index lifecycle management, data ingestion, detection rule tuning and more within the SIEM platform
• Perform robust capacity planning activities within SIEM platform to ensure data source ingestion remains within contracted scope
• Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
• Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions

• Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
• SIEM administration, configuration experience
• Experience writing tools to automate tasks and integrate systems in Python or other language
• The ability to think creatively to find elegant solutions to complex problems
• Excellent verbal and written communication skills
• Incident handling/response experience
• The desire to work both independently and collaboratively with a larger team
• A willingness to be challenged along with a strong appetite for learning
• 2-4 years of experience in Information Security, Incident Response, security automation, etc.
• Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
• Knowledge of common security analysis tools & techniques
• Understanding of common security threats, attack vectors, vulnerabilities, and exploits
• Knowledge of regular expressions
• Customer service focused and portrays energy, professionalism, and welcoming characteristics.
• Strong ability to work in a highly sensitive and confidential environment.
• Ability to meet deadlines and handle sensitive and pressured situations.
• Ability to identify issues and help develop strategy and tactical plans for various department initiatives.
• Ability to use good judgment and decision-making skills

• Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experience
• One or more of the following certifications: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer