Security Incident Response Engineer - SOAR

Posted:
8/23/2024, 9:49:49 AM

Location(s):
Grand Rapids, Michigan, United States ⋅ Michigan, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
Hybrid

Job Title:  Security Incident Response Engineer - SOAR

Department:  Information Security

Location:  Remote or Hybrid (Grand Rapids, MI)

About Acrisure

Acrisure is a global Fintech leader that combines the best of humans and high tech to offer multiple financial products and services to millions of businesses and individual clients. We connect clients to solutions that help them protect and grow what matters, including Insurance, Reinsurance, Cyber Services, Mortgage Origination and more.

Acrisure employs over 17,000 entrepreneurial colleagues in 21 countries and have grown from $38 million to $4.3 billion in revenue in just over ten years. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Responsibilities:

Incident Detection and Eradication:

  • Conduct a thorough analysis of the incident, including its origins and impact.
  • Collaborate with other teams to identify vulnerabilities and weaknesses in the security infrastructure and recommend improvements.
  • Develop and implement strategies to remove the root cause of the incident.
  • Ensure all malicious artifacts are eliminated from the environment.
  • Use security tools and monitoring systems to identify and detect security incidents.
  • Analyze security alerts and anomalies to determine if they represent actual security incidents.

Security Orchestration, Automation, and Response:

  • Proficiency in designing and implementing end-to-end workflows within the SOAR platform.
  • Ability to map out and optimize security incident response workflows within the SOAR platform.
  • Experience working with APIs to integrate security tools and platforms seamlessly.
  • Experience integrating SOAR solutions with cloud-based security services and platforms.
  • Understanding of data normalization techniques to ensure consistency in data formats across integrated security tools.
  • Knowledge of APIs provided by major cloud service providers (AWS, Azure, Google Cloud) for security automation.
  • Proficient in developing metrics and reports to measure the effectiveness of automated processes.
  • Ability to generate reports on key performance indicators (KPIs) related to incident response and automation.

Communication and Documentation:

  • Communicate with stakeholders, including management, IT teams, and legal departments, to provide updates on the incident response process.
  • Maintain detailed records of incident response activities, including timelines, actions taken, and outcomes.
  • Prepare incident reports for management and other stakeholders.
  • Coordinate with external parties, such as law enforcement or third-party incident responders.

Education/Experience:

  • Distinguished Professional: 3 to 5 years of experience in Information Security
  • 1-3 years of experience in incident response and SOAR.
  • Endpoint Detection and Response (EDR) Security: Proven experience with SentinelOne, Microsoft Defender, CrowdStrike, or other EDR toolsets.
  • Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management.
  • DFIR certifications, such as GCIH, GCFA, CHFI, or CCFP are a plus.

Benefits & Perks:

  • Competitive Compensation
  • Industry Leading Healthcare
  • Savings and Investments
  • Charitable Giving Programs
  • Offering hybrid work option           
  • Opportunities for Growth
  • Parental Leave
  • Generous time away

Acrisure is committed to making an impact in our communities by giving back, with millions committed to children’s health with Helen Devos Children’s Hospital and UPMC Children's Hospital of Pittsburgh.

For more, visit www.Acrisure.com  or learn more here.

#LI-RM1 #LI-Remote

                                                                                              

Acrisure is committed to employing a diverse workforce. All applicants will be considered for employment without attention to race, color, religion, age, sex, sexual orientation, gender identity, national origin, veteran, or disability status.  California residents can learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy available at www.Acrisure.com/privacy/caapplicant.
 

To Executive Search Firms & Staffing Agencies: Acrisure does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered Acrisure’s property, and Acrisure will not be obligated to pay a referral fee. This includes resumes submitted directly to Hiring Managers without contacting Acrisure’s Human Resources Talent Department.