Triage Security Engineer 2 (m/f/d)

  • Frankfurt am Main

Triage Security Engineer 2 (m/f/d)
Frankfurt, Germany

 

About the role:

The Triage Security Engineers manage incoming security incidents, provide security solutions for customers and work with the Concierge Security team to provide post-incident follow-up.

 

Main responsibilities and tasks

Analysing security events using various data sources (network, endpoint, log sources); efficient navigation in the incident triage dashboard and processing of level 2 incidents.
Take technical lead on customer cases; support less experienced triage team members and escalate to concierge team for functional requests.
Prioritisation of medium to complex events according to customer SLO; independent decision on prioritisation and escalation as required.
Independent performance of complex investigations in the specialised field and involvement of experts from other disciplines to solve cases.
Check traffic and logs to detect malicious activity; escalate incidents to level 3 if required.
Handling complex customer enquiries about security compromises or unexpected network activities; independently utilising specialist knowledge and involving other experts to find a quick solution.
Function as 2nd escalation level for customer enquiries by telephone; involvement of further experts in complex cases.
Performing quality checks on outbound tickets and security engagements; identifying opportunities for improvement at a system level and advising the team on how to optimise the customer experience.
Independently analyse alerts (EDR, phishing, vulnerability scans) and make decisions as a customer representative.
Use of security expertise to optimise signals with minimal noise on the development platform.
Processing customer queries on CDO or Tier 2+ tickets relating to security incidents.
Act as escalation point for requests and issues from CDO, TSA and TSE1 teams; coaching and mentoring of team members according to expertise.
Conduct basic security compromise investigations in collaboration with the Tier 3 team to identify the point of origin.
Task prioritisation according to defined and implicit priorities.
Representation of AWN as technical contact and provider of security services in customer contact.
 

Important skills

1 - 4 years of industry experience in the areas of information security, network security or cyber security
There are no specific degree or certification requirements, but a degree in a technical subject is an advantage. A security or IT certification such as CISSP is also an advantage.
In-depth understanding of email technologies and phishing analysis
Basic knowledge of how Active Directory works
Familiarity and understanding of warning messages
In-depth understanding of the basic functions of operating systems
Knowledge of basic firewall concepts
Solid understanding of network fundamentals
Familiarity with cloud-based infrastructure-as-a-service (IaaS)
Basic knowledge of common cloud-based services
Sound understanding of basic security principles
Basic knowledge of the cyber kill chain or the MITRE ATT&CK framework
Understanding the phases of an incident response
 

Our offer 

Attractive salary package incl. company shares 
International, diverse and inclusive working environment 
Top location in Frankfurt, modern IT equipment (Macs) 
Trust-based working hours, 30 days' holiday 
Training, certifications, career opportunities 
Company pension scheme 
Regular social events, legendary Arctic Wolf parties 
 

Our values:  

At Arctic Wolf, we foster a collaborative work environment that welcomes diversity to strengthen our teams globally. We are one of the 50 most innovative companies in the world (Fast Company) and have been recognised many times, including as a "Top Company" by Kununu in Germany. Arctic Wolf is an equal opportunity employer and is committed to an accessible, respectful and inclusive environment. We offer applicants and employees with disabilities the necessary adjustments to enable equal participation.  

 

Have we piqued your interest? Then send us your CV and your references. 

Job description

Annual salary: €70,000

About the company

Arctic Wolf® is a leading provider of security operations services, enabling organisations of all sizes and industries to manage cyber risk in an era of intelligent cyberattacks with its cloud-native security operations platform. The Arctic Wolf Aurora Platform captures and analyses more than seven trillion security events per week to enable cyber defence on an unprecedented scale. Customers can be confident in their IT security, availability and resilience and continuously improve it. By providing automated threat protection, response and remediation capabilities, Arctic Wolf delivers world-class security operations at the touch of a button to protect the organisation's most valuable assets.

You can find more information about Arctic Wolf at www.arcticwolf.com.

Our benefits

  • Promotion opportunities
  • Vocational training
  • Company pension scheme
  • Financial incentives
  • Flexible working hours
  • Home office
  • Special leave
  • Team building
  • Further training