Job Description
Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry. Job Description
Primary Roles and Responsibilities:
- Author, test, and maintain automation scripts/workflows within SOAR platform
- Integrate SOAR platform with other security tools and APIs to execute automated workflows
- Automate Security Incident Response processes by providing the ability to analyze and resolve alerts from security tools
- Maintain knowledge and understanding of current and emerging SIEM practices and standards
- Build analysis and correlation logic to enable security threat hunting and investigation practices
- Effectively interact with colleagues across the Cybersecurity team, as well as the broader Technology and Application teams
- Support SIEM operations by writing/testing complex correlation rules and handling log source integration with SIEM
- Clearly identify, capture, articulate, design, implement, and maintain security operations use cases
- Work on complex technical problems and provide innovative solutions
- Assist with process development and process improvement/automation for Security Operations
REQUIRED QUALIFICATIONS:
Skills:
- Excellent communication skills
- Experience with architecture and implementation of SOAR solutions
- Strong scripting skills in either python (strongly preferred) or powershell for automation in Windows and Linux environments
- Experience with Linux shell scripting
- Good understanding of the offensive and defensive sides of security
- Expert level experience in deployment and managing SIEM platforms
- Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources
- In-depth knowledge of architecture, engineering, and operations of any enterprise SIEM platform
- Deep understanding of logging mechanisms of:
- Windows
- Linux
- Mac OS
- Networking technologies
- Azure cloud technologies
- Security Operations Center (SOC) work experience desired
Experience:
- More than 6-8 years of experience in Enterprise Cybersecurity or with a reputable Services / consulting firm offering Security Consulting, Implementation and Managed Security services
- 2+ years of relevant experience in Security Operations Center environment (SOC) desired
- Experience investigating security events, threats and/or vulnerabilities
- Scripting or programming experience (Shell scripting, PowerShell, Python, etc.,)
- Experience working on an agile development team or agile engineering team
- Experience in SOAR (Security Orchestration Automation Response) platform is preferred
- Experience maintaining and securing container technologies (Azure Kubernetes) strongly desired
- Experience with Cribl LogStream preferred
Education:
- Bachelor’s degree in Computer Science, Information Technology, Business, or Discipline involving Data Analytics OR Equivalent work experience
- Professional Certifications like GSEC, GCIA, CISSP, OSCP, etc., will be plus
Reporting Relationships
There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.