Security Engineer

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

Role & Responsibilities:

• Monitor and manage the health and performance of the client instance of AHEAD Managed Security SIEM platforms and deployed SIEM agents
• Partner with client Security team and other AHEAD Managed Security and in the design and implementation of new data visualizations and custom detection rules
• Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
• Attend client-facing security meetings and provide updates to SOC metrics, ongoing projects, and technical issues
• Join incident bridges in response to IT or security incidents to provide an expert opinion and assistance with querying available log data related to the incident
• Engage with client security and IT infrastructure teams for new data source onboarding activities, including ingestion, normalization, and enrichment through various ingestion methods
• Assist with planning, implementation, and validation of changes applied by AHEAD or client infrastructure teams to remediate penetration test findings
• Provide evidence required to support the completion of audit and compliance questionnaires, as it applies to AHEAD support to the client
• Perform configuration and content development including index lifecycle management, data ingestion, detection rule tuning and more within the SIEM platform
• Perform robust capacity planning activities within SIEM platform to ensure data source ingestion remains within contracted scope
• Partner with AHEAD Managed Security SOAR engineering resources for integrations and security incident investigation workflow design and continuous improvement
• Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall Managed Security functions

Position Requirements:

• Experience with Elastic Security and all its components (Elasticsearch, Logstash, Kibana, Filebeat, Elastic Agent)
• SIEM administration, configuration experience
• Experience writing tools to automate tasks and integrate systems in Python or other language
• The ability to think creatively to find elegant solutions to complex problems
• Excellent verbal and written communication skills
• Incident handling/response experience
• The desire to work both independently and collaboratively with a larger team
• A willingness to be challenged along with a strong appetite for learning
• 2-4 years of experience in Information Security, Incident Response, security automation, etc.
• Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)
• Knowledge of common security analysis tools & techniques
• Understanding of common security threats, attack vectors, vulnerabilities, and exploits
• Knowledge of regular expressions
• Customer service focused and portrays energy, professionalism, and welcoming characteristics.
• Strong ability to work in a highly sensitive and confidential environment.
• Ability to meet deadlines and handle sensitive and pressured situations.
• Ability to identify issues and help develop strategy and tactical plans for various department initiatives.
• Ability to use good judgment and decision-making skills

Education:

• Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experience
• One or more of the following certifications: CISSP, GCIA, GCIH, GPYC, GMON, GCDA, Elastic Certified Engineer

The compensation range indicated in this posting reflects the On-Target Earnings ("OTE") for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate's relevant experience, qualifications, and geographic location. Why AHEAD: Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. USA Employment Benefits include: - Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits for additional details. Use of AI: We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at View email address on click.appcast.io. You may opt-out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt-out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt-out.