Triage Security Engineer 3

Position Overview and Objective

The Triage Security Engineers manage in-coming security incidents and works with the Concierge Security team to provide post-incident remediation activities. 

Primary Responsibilities and Duties

Analyze incoming security events based on different data points; network, endpoint, and log sources expediently, consistently, and accurately. Leverage education and training to identify correlations in client environment to determine if behavior is expected. Effectively navigate the Incident Triage Dashboard and load the Tier 3 incident queues.

Key Competencies

• Own overall technical guidance and direction for the case for the customer, with authority to guide less experienced Triage team members in support tasks and participation in customer interactions.  Escalate case to Concierge Security Team should customer requests require business relationship support for feature requests.

• Prioritize low or medium to complex incoming events based on SLO (Service Level Object) determined by customer exceptionally well. Use independent judgement to determine prioritization of events and alerts and escalates as needed.  

• Independently steer complex investigations within area of expertise, and leverage security knowledge to engage the other experts within other disciplines to resolve matters appropriately. 

• Review traffic and logs to determine secondary incidents of compromise and other malicious activity; escalate incidents from Tier 3 to the customer in a heightened state if a true positive event is suspected.

• Review complex customer security requests including but not limited to active customer breaches and compromises or unexpected activity found in their network; independently within area of expertise using security knowledge and engage the other experts within other disciplines to resolve matters appropriately as required to resolve issues quickly.

• Act as a 3rd tier escalation for customer security issues on the phone providing guidance and expertise independently.  When a solution is beyond the scope of knowledge, engaging other experts to provide solutions appropriately.

• Conduct quality reviews on outgoing tickets and security engagements. At a system level, identify opportunities to improve processes, workflows, and tooling to increase efficiency, and recommend  solutions to management based on findings. Advise peers and receive input on how to provide a better customer experience.

• Exercise security expertise using the development platform to elevate more precise signal with minimal noise.  Suggest news ways to refine signal to noise

• Address all customer questions or concerns related to Tier 3+ security incident tickets.

• Serve as an escalation point for TSA, TSE1, and TSE2, questions or issues. Coach and mentor other team members based on expertise.

• Drive security compromise investigations mentoring Tier 2 team members, looking for root point of compromise in a post-mortem.  Act as the escalation point providing guidance and next steps.

• Prioritize task work according to understood and implied priorities. 

• Interact on behalf of AWN with customers as a technical representative and senior-level provider of security services.

Key Skills

• Strong understanding of Active Directory function

• Strong understanding of windows utilities

• Strong understanding of firewall concepts

• Understanding of common business network environments

• Basic understanding of security concerns for common cloud-based infrastructure-as-a-service providers:

• Strong understanding of security concerns for common cloud-based services:

• Understanding of security principles and tools

• Basic understanding of DTR process, and practical use

• Strong understanding of Identify, Contain, and Eradicate phases of Incident Response

Minimum Qualifications

Relevant education could include university degree, college diploma, or industry certifications

3-5 years relevant experience

Environment and Physical Demands

Work is primarily sedentary in nature and can be executed sitting or standing positions in an office environment.

Requires ability to utilize technology related to using a keyboard, verbal communication, and work with device screens which require visual acuity.

If located in a company office, often requires the mobility to physically navigate the space.

In the event of business travel, mobility sufficient to utilize public and private transport and navigate to essential locations.

May include moving or lifting of 25 pounds or less (e.g., office chair, reams of paper). 

Travel Requirements

Typically 10% or less of business travel

Security Requirements

• Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information (in accordance with our employee handbook and corporate policies).

• Background checks are required for this position.

• This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these laws and regulations.