About the Role :
As part of the Security Services team, the Triage Engineer (TE) is a role that leverages your security expertise to identify, detect, and notify customers of security events ongoing within their environment.
The TE will be expected to have a deep knowledge of various threats and forms of attack while having demonstrated experience in highly technical security roles.
The successful candidate will be working shifts in a 24x7 environment with focus on security investigations, security related task work, and improvement activities to better the triage function.
This role will have a high technical aspect and limited customer relationship function, in that you will managing security incidents and working with Concierge Security Teams to provide the post-incident remediation activities.
Arctic Wolf TEs are accountable for the detection and notification of security incidents to our customers.
Your Responsibilities :
Analyze incoming security events based on different data points; network, endpoint, and log sources expediently, consistently, and accurately
Prioritize incoming events exceptionally well
Willingness to run a security incident to completion; detect, work with team members, and communicate effectively with internal and external team parties throughout the process.
Steer complex investigations within your area of expertise, and leverage your security knowledge to engage the other experts within other disciplines appropriately
Prioritize task work according to understood and implied priorities
Conduct quality reviews on outgoing tickets, security engagements, and at a system level looking for areas of improvement
Contribute your security expertise using the development platform to elevate more precise signal with minimal noise
Ability to coach and mentor other team members to share knowledge and expertise
Continuously broaden your security expertise and depth within a set competency
Arctic Wolf is a fast-growing company, and all TE candidates should expect to work with many teams within Arctic Wolf, including engineering, operations, sales, marketing, and executive management.
A positive can-do attitude is a must. A willingness to learn and continuous self-improvement is critical. An ability to deal with uncertainty is a positive.
Required Skills and Experience :
5+ years Industry experience; Information Security, Network Security, or Cyber Security roles
3+ years additionally as a Network Admin, System Admin, Cloud Admin, or similar is strongly preferred
Have deep technical competency in two (2) of the following
Networking common protocols, server / client infrastructure, routers, switches, WAPs, etc
Perimeter firewalls, IDS, IPS, UTM, WAF, Gateways, Proxys, Mail Servers, etc
Authentication AD, SSO, MFA, etc
IaaS cloud services, AWS, Azure, GCP
End Point MDM, EDR, EPP, AV
SaaS collaboration tools including O365, GSuite, Box, Salesforce, Workday, etc
Experience working in a Security Operation Center, security incident response teams, or in roles with security forensics or malware analysis disciplines.
Analyze log and system data from the above list and other IT systems
Know how to use one or more scripting tools and languages such as Python, Bash, and Power Shell
Great writing and speaking skills
A positive can-do attitude
A willingness to learn and continuous self-improvement
There are no specific degree or certification requirements but degrees in engineering or technology are a plus. Any security or IT certification such as CISSP is also positive.
Employment Requirements :
Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.
Additional skills and experience :
Any security certifications, professional CISSP, SANS certifications, or technical certifications such as AWS or Cisco are viewed favorably
Firewall and IDS provisioning
Proxy and content filtering provisioning
Authentication and identify management
Risk and vulnerability Assessment
Network and security Auditing
PowerPoint presentation skills