At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.

AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines a mix of in-person at an AlixPartners office on Tuesday, Wednesday, & Thursday and remote working options for Monday and Friday.

At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.

AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines a mix of in-person at an AlixPartners office on Tuesday, Wednesday, & Thursday and remote working options for Monday and Friday.

What you'll do

As a member of the Information Security (IS) team, you will contribute to the overall cyber defense of information assets and will conduct security monitoring, detection engineering, threat hunting, security posture analysis, and perform incident response investigations.

The ideal candidate will have technical depth in the Microsoft security stack, which would include practical use of the Kusto Query Language (KQL) to perform day to day work. The AlixPartners Security Operations team heavily uses KQL for detection engineering, threat hunting, performing data analysis to improve security posture, and more. A background in Splunk Search Processing Language (SPL), or similar, may also be considered. Tools a candidate has experience with may include Sentinel, Defender for Cloud Apps, Defender for Identity, Secure Score, and Defender for Cloud. Knowledge in Microsoft Azure is also preferred.

Known internally as Security Operations Senior Analyst, this is a full-time position located in Southfield, MI, reporting to the Security Operations Team Lead. Paid relocation is not available.

• Respond to, investigate, and analyze security events to determine appropriate actions
• Analyze security system logs, security tools, and available data sources on a regular basis to identify attacks against the enterprise and report on any irregularities, issues related to improper access patterns, trending, and event correlations
• Conduct and apply detection engineering concepts to analyze, create, and tune detection logic and telemetry to ensure effective coverage and detection of existing and emerging threats
• Perform security posture analysis to improve overall IT ecosystem utilizing telemetry from security tools (Secure Score, KQL analysis, etc.)
• Gather information from other IT staff and non-IT staff to obtain information regarding security problems to networks, servers, endpoints, and applications.
• Perform incident response activities and ensure that proper protection or corrective measures have been taken when an incident has been discovered
• Assist with administration of information security controls and software such as endpoint protection, endpoint detection and response, intrusion detection/prevention (IDS/IPS), security incident and event management (SIEM), and physical security systems
• Expected to stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies
• Provide insight and participate in security projects to evaluate and recommend security products for various applications and platforms throughout the organization while supporting business initiatives
• Assist with the development, maintenance of, and training on technical documentation and Standard Operating Procedures (SOP).
• Improve security efficiency and streamline/automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
• Participate in critical incidents and implementation reviews
• Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities

What you'll need

• Highly motivated to work in information security
• Minimum four (4) years of Information Security experience, or experience working in Information Technology
• Bachelor's degree in Information Technology or related field preferred; work experience and background may be considered in lieu of formal education
• Proven experience creating detection logic, SIEM rules, custom detections within EDR tools, etc.
• Desire to continuously improve processes and procedures and share information with the team
• Collaborative interpersonal skills with the ability to work well as an individual and as part of a team
• Excellent written and verbal communication skills in English and any other local office language(s)
• Ability to provide formal reports and presentations to people at all levels
• High attention to detail with the ability to be organized and prioritize tasks so work is completed in an accurate and timely manner under time constraints
• Proficient knowledge of information systems security concepts and current information security trends and practices
• Working knowledge of infrastructure security tools such as firewalls, network security monitoring, anti-malware, OS hardening, etc.
• Experience integrating security tools through scripting, using API's and improving existing processes through automated methods are a plus
• Experience with Security Incident and Event Management (SIEM) and Endpoint Security tools are a plus
• Incident Response, Forensics, and Malware Analysis experience is a plus
• System administration and security hardening experience is a plus
• Cloud security experience is a plus
• Data analytics / data science techniques and understanding is a plus
• Security Certifications such as the following are a plus (Security+, CISSP, SANS GIAC certifications, Microsoft Security certifications)
• Willingness to work outside of normal U.S. business hours, and as unique projects/needs arise
• Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday
• Must become familiar with, and promote and abide by, our Core Values as defined by the AlixPartners'Code of Conduct and foster an inclusive environment with people at all levels of an organization

The firm offers a comprehensive benefits program including health, vision, dental, disability, 401K, tuition reimbursement, identity theft protection, and mental wellness support. Employees will also receive a generous paid leave policy including vacation/personal time starting at 7.34 hours per pay period, sick time up to 80 hours annually, parental leave, and twelve holidays.

AlixPartners is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability. AlixPartners is a proud Silver award-winning Veteran Friendly Employer.

#LI-KL1

#LI-Hybrid