The Managed Security Team at AHEAD monitors client environments and performs incident detection, validation, and reporting. The Sr SIEM Detection Engineer will be primarily responsible for designing, implementing, and maintaining high-fidelity detection content within our cloud-based SIEM solutions, and for driving continuous improvement of AHEAD’s Managed Security detection capabilities across all clients.
This is a technical, hands-on position that requires a strong understanding of the needs of a 24/7 Security Operations Center (SOC). We are looking for a candidate with deep SIEM, security operations, and detection engineering experience who will work closely with the Managed Security staff and other highly technical teams, both within AHEAD and in client environments, to continuously improve and enhance AHEAD’s Managed Security SIEM detection strategy, rules, and content.
The ideal candidate possesses strong technical and analytical skills and can provide accurate analysis of security-related problems. They have a well-rounded networking and infrastructure background and are responsible for troubleshooting detection- and data-related issues in client environments. This individual is user-focused and works to resolve client needs in a timely manner. These needs may involve improving or tuning detections, investigating and responding to security threats, and making change requests to security policies and data collection configurations.
The Sr SIEM Detection Engineer is responsible for the day-to-day management and evolution of SIEM detection content used by the Managed Security Team to monitor client environments and detect security threats, including: data ingestion and normalization strategy, enrichment design, detection use case creation and tuning, alert quality and noise reduction, and detection performance monitoring. The Sr SIEM Detection Engineer is expected to be familiar with a wide range of security tools and understand core security detection and threat analysis fundamentals.