Security Incident Response Engineer - SOAR

Job Title:  Security Incident Response Engineer - SOAR

Department:  Information Security

Location: Hybrid (4 days onsite, 1 day remote)

About Acrisure

Acrisure is a global Fintech leader that combines the best of humans and high tech to offer multiple financial products and services to millions of businesses and individual clients. We connect clients to solutions that help them protect and grow what matters, including Insurance, Reinsurance, Cyber Services, Mortgage Origination and more.

Acrisure employs over 17,000 entrepreneurial colleagues in 21 countries and have grown from $38 million to $4.3 billion in revenue in just over ten years. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Responsibilities:

Incident Detection and Eradication:

• Conduct a thorough analysis of the incident, including its origins and impact.
• Collaborate with other teams to identify vulnerabilities and weaknesses in the security infrastructure and recommend improvements.
• Develop and implement strategies to remove the root cause of the incident.
• Ensure all malicious artifacts are eliminated from the environment.
• Use security tools and monitoring systems to identify and detect security incidents.
• Analyze security alerts and anomalies to determine if they represent actual security incidents.

Security Orchestration, Automation, and Response:

• Proficiency in designing and implementing end-to-end workflows within the SOAR platform.
• Ability to map out and optimize security incident response workflows within the SOAR platform.
• Experience working with APIs to integrate security tools and platforms seamlessly.
• Experience integrating SOAR solutions with cloud-based security services and platforms.
• Understanding of data normalization techniques to ensure consistency in data formats across integrated security tools.
• Knowledge of APIs provided by major cloud service providers (AWS, Azure, Google Cloud) for security automation.
• Proficient in developing metrics and reports to measure the effectiveness of automated processes.
• Ability to generate reports on key performance indicators (KPIs) related to incident response and automation.

Communication and Documentation:

• Communicate with stakeholders, including management, IT teams, and legal departments, to provide updates on the incident response process.
• Maintain detailed records of incident response activities, including timelines, actions taken, and outcomes.
• Prepare incident reports for management and other stakeholders.
• Coordinate with external parties, such as law enforcement or third-party incident responders.

Education/Experience:

• Distinguished Professional: 3 to 5 years of experience in Information Security
• 1-3 years of experience in incident response and SOAR.
• Endpoint Detection and Response (EDR) Security: Proven experience with SentinelOne, Microsoft Defender, CrowdStrike, or other EDR toolsets.
• Expertise in Infrastructure Security: In-depth understanding of infrastructure security, including Windows, Active Directory, Unix/Linux, Mobile Security, and Privileged Access Management.
• DFIR certifications, such as GCIH, GCFA, CHFI, or CCFP are a plus.

Benefits & Perks:

• Competitive Compensation
• Industry Leading Healthcare
• Savings and Investments
• Charitable Giving Programs
• Offering hybrid work option           
• Opportunities for Growth
• Parental Leave
• Generous time away