Triage Security Engineer 3
Position Overview and Objective
The Triage Security Engineers manage in-coming security incidents and works with the Concierge Security team to provide post-incident remediation activities.
Primary Responsibilities and Duties
Analyze incoming security events based on different data points; network, endpoint, and log sources expediently, consistently, and accurately. Leverage education and training to identify correlations in client environment to determine if behavior is expected. Effectively navigate the Incident Triage Dashboard and load the Tier 3 incident queues.
Own overall technical guidance and direction for the case for the customer, with authority to guide less experienced Triage team members in support tasks and participation in customer interactions. Escalate case to Concierge Security Team should customer requests require business relationship support for feature requests.
Prioritize low or medium to complex incoming events based on SLO (Service Level Object) determined by customer exceptionally well. Use independent judgement to determine prioritization of events and alerts and escalates as needed.
Independently steer complex investigations within area of expertise, and leverage security knowledge to engage the other experts within other disciplines to resolve matters appropriately.
Review traffic and logs to determine secondary incidents of compromise and other malicious activity; escalate incidents from Tier 3 to the customer in a heightened state if a true positive event is suspected.
Review complex customer security requests including but not limited to active customer breaches and compromises or unexpected activity found in their network; independently within area of expertise using security knowledge and engage the other experts within other disciplines to resolve matters appropriately as required to resolve issues quickly.
Act as a 3rd tier escalation for customer security issues on the phone providing guidance and expertise independently. When a solution is beyond the scope of knowledge, engaging other experts to provide solutions appropriately.
Conduct quality reviews on outgoing tickets and security engagements. At a system level, identify opportunities to improve processes, workflows, and tooling to increase efficiency, and recommend solutions to management based on findings. Advise peers and receive input on how to provide a better customer experience.
Exercise security expertise using the development platform to elevate more precise signal with minimal noise. Suggest news ways to refine signal to noise
Address all customer questions or concerns related to Tier 3+ security incident tickets.
Serve as an escalation point for TSA, TSE1, and TSE2, questions or issues. Coach and mentor other team members based on expertise.
Drive security compromise investigations mentoring Tier 2 team members, looking for root point of compromise in a post-mortem. Act as the escalation point providing guidance and next steps.
Prioritize task work according to understood and implied priorities.
Interact on behalf of AWN with customers as a technical representative and senior-level provider of security services.
Key Skills
Strong understanding of Active Directory function
Strong understanding of windows utilities
Strong understanding of firewall concepts
Understanding of common business network environments
Basic understanding of security concerns for common cloud-based infrastructure-as-a-service providers:
Strong understanding of security concerns for common cloud-based services:
Understanding of security principles and tools
Basic understanding of DTR process, and practical use
Strong understanding of Identify, Contain, and Eradicate phases of Incident Response
Key Competencies
Minimum Qualifications
Relevant education could include university degree, college diploma, or industry certifications
3-5 years relevant experience
Preferred Qualifications
Environment and Physical Demands
Work is primarily sedentary in nature and can be executed sitting or standing positions in an office environment.
Requires ability to utilize technology related to using a keyboard, verbal communication, and work with device screens which require visual acuity.
If located in a company office, often requires the mobility to physically navigate the space.
In the event of business travel, mobility sufficient to utilize public and private transport and navigate to essential locations.
May include moving or lifting of 25 pounds or less (e.g., office chair, reams of paper).
Travel Requirements
Typically 10% or less of business travel
Security Requirements
Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information.
Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.