Overview
Triage Security Engineer 3 role at Arctic Wolf. Position overview and objective: Triage Security Engineers manage incoming security incidents and work with the Concierge Security team on post-incident remediation activities.
Primary Responsibilities and Duties
* Analyze incoming security events based on data points (network, endpoint, and log sources) expediently, consistently, and accurately; identify correlations to determine if behavior is expected.
* Provide technical guidance for the case and mentor less experienced team members; escalate to Concierge Security Team for business relationship support on feature requests.
* Prioritize events based on SLO; use independent judgment to determine prioritization and escalate as needed.
* Steer complex investigations within area of expertise and coordinate with other experts as needed.
* Review traffic and logs to identify secondary incidents and escalate true positives to the customer.
* Address complex customer security requests (e.g., active breaches) and resolve with cross-disciplinary teams.
* Act as a 3rd tier escalation for customer security issues on the phone; bring in others as needed.
* Conduct quality reviews on outgoing tickets and engagements; suggest process/workflow improvements and tools to management.
* Use the development platform to refine signals and reduce noise.
* Address customer questions related to Tier 3+ security incident tickets.
* Serve as an escalation point for TSA, TSE1, and TSE2; coach and mentor team members.
* Drive investigations and mentor Tier 2 to root cause post-mortems; provide next steps as escalation point.
* Prioritize task work according to team and customer priorities; represent AWN with customers as a senior technical provider.
Key Skills
* Strong understanding of Active Directory function
* Strong understanding of Windows utilities
* Strong understanding of firewall concepts
* Understanding of common business network environments
* Basic understanding of security concerns for cloud-based infrastructure-as-a-service providers
* Strong understanding of security concerns for common cloud-based services
* Understanding of security principles and tools
* Basic understanding of DTR process, and practical use
* Strong understanding of Identify, Contain, and Eradicate phases of Incident Response
Minimum Qualifications
* Relevant education could include university degree, college diploma, or industry certifications
* 3-5 years relevant experience
Preferred Qualifications
Environment and Physical Demands
* Work is primarily sedentary in nature and can be executed sitting or standing in an office environment.
* Requires the ability to use a keyboard, communicate verbally, and work with device screens, which requires visual acuity.
* If located in a company office, mobility to physically navigate the space.
* In the event of business travel, mobility sufficient to utilize public and private transport and navigate to essential locations.
* May include moving or lifting of 25 pounds or less (e.g., office chair, reams of paper).
Travel Requirements
Typically 10% or less of business travel
Security Requirements
Conduct duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information.
Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Information Technology
Industries
* Computer and Network Security