AHEAD USA
Security Engineer
AHEAD USA, Cincinnati, Ohio, United States, 45208
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.The Managed Security Team at AHEAD monitors customers environments and performs Incident Detection, Validation, and Incident Reporting. The Engineer will be responsible for the implementation and maintenance of our SIEM & SOAR Solutions and other technologies that support the Information Security program across AHEAD. This is a technical hands on position that requires someone with an understanding of the needs of a 24/7 SOC (Security Operations Center). We are looking for a candidate who has had a great deal of SIEM, SOAR, and security experience that will work closely with the SOC staff and with other highly technical members across multiple teams to continuously improve and enhance AHEAD technical information security program. Incumbents will possess strong technical and analytical skills while providing accurate analysis of security related problems. They have a well-rounded networking background and are responsible for performing troubleshooting of client issues. This individual is user focused and works to resolve client needs in a timely manner. These needs may involve resolving hardware/software failures, investigating and responding to security threats, and making change request to the security policy of company devices.The Security Engineer is expected to monitor security feeds from client servers, network devices, and end user workstations, operate and maintain network security equipment at client locations. The Engineer is expected to be familiar with a wide range of security tools and understand basic security fundamentals. The Engineer will perform information security event analysis and must possess knowledge of operating systems, TCP/IP networking, network attacks, attack signatures, defense countermeasures, vulnerability management, and log analysis.Roles & Responsibilities
Design and develop workflows between and within a SOAR, SIEM, big data platforms, threat & vulnerability intelligence solutions and other information security incident response systemsInvestigate intrusion attempts and perform in-depth analysis of exploitsProvide network intrusion detection expertise to support timely and effective decision making of when to declare an incidentConduct proactive threat researchReview security events that are populated in a Security Information and Event Management (SIEM) systemTuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibilityData mining of log sources to uncover and investigate anomalous activity, along with related items of interestIndependently follow procedures to contain analyze and eradicate malicious activityDocument all activities during an incident and provide leadership with status updates during the life cycle of the incidentIncident management, response, and reportingProvide information regarding intrusion events, security incidents, and other threat indications and warning information to the clientTrack trends and statistics for each assigned clientAssist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functionsClient-facing security meetingsRequirements
Experience writing tools to automate tasks and integrate systems in PythonExperience with the implementation and refinement of SOAR platforms is a significant plusThe ability to think creatively to find elegant solutions to complex problemsExcellent verbal and written communication skillsIncident handling/response experienceThe desire to work both independently and collaboratively with a larger teamA willingness to be challenged along with a strong appetite for learning2-4 years of experience in Information Security, Incident Response, security automation, etc.Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)Knowledge of common security analysis tools & techniquesUnderstanding of common security threats, attack vectors, vulnerabilities and exploitsKnowledge of regular expressionsCustomer service focused and portrays energy, professionalism and welcoming characteristics.Strong ability to work in a highly sensitive and confidential environment.Ability to meet deadlines and handle sensitive and pressured situations.Ability to identify issues and help develop strategy and tactical plans for various department initiatives.Ability to use good judgment and decision-making skillsEducation
Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experienceOne or more of the following certifications are ideal, but not required: CISSP, GCIA, GCIH, GPYC, AWS Certified Solutions Architect, AWS Certified SysOps Administrator, AWS Certified Developer, Elastic Certified EngineerWhy AHEAD:Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.USA Employment Benefits include:
- Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits https://www.aheadbenefits.com/ for additional details.
Design and develop workflows between and within a SOAR, SIEM, big data platforms, threat & vulnerability intelligence solutions and other information security incident response systemsInvestigate intrusion attempts and perform in-depth analysis of exploitsProvide network intrusion detection expertise to support timely and effective decision making of when to declare an incidentConduct proactive threat researchReview security events that are populated in a Security Information and Event Management (SIEM) systemTuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibilityData mining of log sources to uncover and investigate anomalous activity, along with related items of interestIndependently follow procedures to contain analyze and eradicate malicious activityDocument all activities during an incident and provide leadership with status updates during the life cycle of the incidentIncident management, response, and reportingProvide information regarding intrusion events, security incidents, and other threat indications and warning information to the clientTrack trends and statistics for each assigned clientAssist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functionsClient-facing security meetingsRequirements
Experience writing tools to automate tasks and integrate systems in PythonExperience with the implementation and refinement of SOAR platforms is a significant plusThe ability to think creatively to find elegant solutions to complex problemsExcellent verbal and written communication skillsIncident handling/response experienceThe desire to work both independently and collaboratively with a larger teamA willingness to be challenged along with a strong appetite for learning2-4 years of experience in Information Security, Incident Response, security automation, etc.Hands-on experience with common security technologies (IDS, Firewall, SIEM, SOAR, EDR, etc.)Knowledge of common security analysis tools & techniquesUnderstanding of common security threats, attack vectors, vulnerabilities and exploitsKnowledge of regular expressionsCustomer service focused and portrays energy, professionalism and welcoming characteristics.Strong ability to work in a highly sensitive and confidential environment.Ability to meet deadlines and handle sensitive and pressured situations.Ability to identify issues and help develop strategy and tactical plans for various department initiatives.Ability to use good judgment and decision-making skillsEducation
Bachelors Degree in Computer Science, Information Security or related/equivalent educational or work experienceOne or more of the following certifications are ideal, but not required: CISSP, GCIA, GCIH, GPYC, AWS Certified Solutions Architect, AWS Certified SysOps Administrator, AWS Certified Developer, Elastic Certified EngineerWhy AHEAD:Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning.USA Employment Benefits include:
- Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits https://www.aheadbenefits.com/ for additional details.